Trojaner-Board - Bundestrojaner - gen:trojan.heur.@x9@xqmee8gi

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Bundestrojaner - gen:trojan.heur.@x9@xqmee8gi (https://www.trojaner-board.de/121401-bundestrojaner-gen-trojan-heur-x9-xqmee8gi.html)

Bundestrojaner - gen:trojan.heur.@x9@xqmee8gi

Hallo,

habe mir gestern oben genannten Trojaner auf meinem Laptop eingefangen. Nach dem Windows7 Start kommt die Aufforderung per UCASH zu bezahlen (was ich definitiv nicht tuen werde).

Wollte dann wie unter "Für alle Hilfesuchenden" beschrieben mit Malwarebytes dem Schädling zuleibe rücken. Leider taucht unter dem admin Account des Windows sofort der "Sperrbildschirm" auf. Und unter den anderen existierenden Benutzern darf ich die Software nicht installieren! (auch nicht wenn ich per Rechtsklick "als Administrator ausführen" wähle: Keine Berechtigung)

Habe nun mit einer CD aus der PCWelt (Bitdefender) gebootet und den vorhanden Virenscanner laufen lassen. Dieser hat mir angezeigt, dass mein Avira mit dem Trojaner:

gen:trojan.heur.@x9@xqmee8gi

infiziert ist.

Wie gehe ich weiter vor? Bringt es was die gefundenen infizierten Dateien mittels des Virenscanners der Bitdefendercd zu löschen / in Quarantäne zu verschieben??

Hoffe auf eure Hilfe!

Habe mit der DECleaner CD von Botfrei unter /users/admin/appdata/local/temp/js/def.js tr/archsms.rbr.12 entfernt, anschliessend konnte ich den adminaccount wieder ohe Sperrbildschirm starten und mit den angegebenen Programmen scannen. Logs siehe unten!

Ich vermute mal das wars aber wohl noch nicht, oder?

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.08.06.11
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

admin :: COREI3 [Administrator]
 

06.08.2012 20:56:18

mbam-log-2012-08-06 (20-56-18).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 268927

Laufzeit: 3 Minute(n), 49 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.08.06.11
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

admin :: COREI3 [Administrator]
 

06.08.2012 21:07:22

mbam-log-2012-08-06 (21-07-22).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 426868

Laufzeit: 1 Stunde(n), 8 Minute(n), 49 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

OTL logfile created on: 06.08.2012 23:32:57 - Run 1

OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\admin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,86 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 49,57% Memory free

7,71 Gb Paging File | 5,55 Gb Available in Paging File | 72,02% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 447,66 Gb Total Space | 110,62 Gb Free Space | 24,71% Space Free | Partition Type: NTFS

Drive D: | 391,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive G: | 7,39 Gb Total Space | 7,38 Gb Free Space | 99,85% Space Free | Partition Type: FAT32

 

Computer Name: COREI3 | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.08.06 23:31:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

PRC - [2012.08.04 00:32:58 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

PRC - [2012.07.18 10:54:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012.05.08 22:39:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 22:39:45 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.08 22:39:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.07.01 04:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe

PRC - [2011.07.01 04:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2011.07.01 04:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

PRC - [2011.05.20 11:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

PRC - [2011.05.20 11:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

PRC - [2011.04.22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe

PRC - [2011.03.31 00:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2008.05.19 00:00:00 | 001,873,280 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.08.04 00:32:58 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

MOD - [2012.07.18 10:54:19 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011.05.20 11:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

MOD - [2011.05.20 11:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

MOD - [2008.05.19 00:00:00 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng13.dll

MOD - [2008.05.19 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll

MOD - [2008.05.19 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll

MOD - [2008.05.19 00:00:00 | 000,053,248 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\aim.dll

MOD - [2008.05.19 00:00:00 | 000,016,896 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\trillian.dll

MOD - [2008.05.19 00:00:00 | 000,014,336 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\msn.dll

MOD - [2008.05.19 00:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\events.dll

MOD - [2008.05.19 00:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\buddy.dll

MOD - [2008.05.19 00:00:00 | 000,008,192 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\talk.dll

MOD - [2008.05.19 00:00:00 | 000,008,192 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\irc.dll

MOD - [2008.05.19 00:00:00 | 000,005,632 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\proxy.dll

MOD - [2008.05.19 00:00:00 | 000,004,096 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\toolkit.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.08.04 00:32:58 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.18 10:54:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.05.08 22:39:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 22:39:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.09.25 22:39:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.08.02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2011.04.22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)

SRV - [2011.03.31 00:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011.03.29 06:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.05.08 22:39:47 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.05.08 22:39:47 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.29 01:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.07.14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.07.14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.06.10 20:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.05.16 14:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)

DRV:64bit: - [2011.05.10 05:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2011.05.06 10:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)

DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011.03.31 00:05:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011.03.10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2011.03.10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2011.01.20 18:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)

DRV:64bit: - [2011.01.20 18:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.11.09 12:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010.10.15 10:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010.07.29 15:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2005.09.23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKCU\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 10:54:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.09 19:47:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.01.04 18:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions

[2012.08.06 20:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions

[2012.03.02 17:32:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.02.23 15:39:55 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2012.05.24 22:44:06 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions\ich@maltegoetz.de

[2012.08.06 20:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions\staged

[2012.07.09 23:12:42 | 000,000,853 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\searchplugins\11-suche.xml

[2012.07.09 23:12:42 | 000,002,209 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\searchplugins\englische-ergebnisse.xml

[2012.07.09 23:12:42 | 000,010,506 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\searchplugins\gmx-suche.xml

[2012.07.09 23:12:42 | 000,002,368 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\searchplugins\lastminute.xml

[2012.07.09 23:12:42 | 000,005,489 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\searchplugins\webde-suche.xml

[2012.05.11 20:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012.07.09 23:12:11 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K98MP3P9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI

[2012.07.18 10:54:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.07.09 23:12:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.07.09 23:12:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.07.09 23:12:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.07.09 23:12:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.07.09 23:12:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.07.09 23:12:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: DhcpNameServer = 150.200.3.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A2C282-5C5C-4D9B-9EB1-60DC40A9953A}: DhcpNameServer = 192.168.123.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.06 23:31:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

[2012.08.06 22:27:36 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012.08.06 22:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012.08.06 20:55:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.08.06 20:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.08.06 00:47:58 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\hellomoto

[2012.08.04 16:46:40 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Neuer Ordner

[2012.07.26 19:11:16 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2012.07.26 19:11:16 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2012.07.26 19:11:16 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2012.07.26 19:11:06 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2012.07.26 19:11:05 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012.07.26 19:11:05 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012.07.26 19:10:58 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll

[2012.07.26 19:10:57 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2012.07.26 19:10:57 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2012.07.23 22:19:06 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\OpenTTD

[2012.07.22 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOSBox-0.72

[2012.07.22 22:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.72

[2012.07.22 22:22:28 | 000,000,000 | ---D | C] -- C:\ufo

[2012.07.22 22:21:10 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktopufo

[2012.07.20 00:39:49 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe

[2012.07.20 00:33:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012.07.20 00:33:15 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012.07.20 00:33:14 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012.07.20 00:32:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.07.20 00:32:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.07.20 00:32:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.07.20 00:32:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.07.20 00:32:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.07.20 00:32:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.07.20 00:32:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.07.20 00:32:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.07.20 00:32:37 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.07.20 00:32:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.07.20 00:32:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.07.20 00:32:36 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.07.20 00:32:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.07.20 00:28:30 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012.07.20 00:28:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012.07.20 00:27:35 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll

[2012.07.20 00:27:35 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

[2012.07.20 00:27:28 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012.07.20 00:27:28 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012.07.20 00:27:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012.07.20 00:27:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012.07.20 00:27:28 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012.07.20 00:27:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012.07.20 00:27:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012.07.20 00:27:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012.07.20 00:27:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012.07.20 00:27:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012.07.20 00:27:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012.07.20 00:27:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012.07.20 00:27:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012.07.20 00:27:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012.07.20 00:27:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012.07.20 00:27:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012.07.20 00:27:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012.07.20 00:27:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012.07.20 00:27:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012.07.20 00:27:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012.07.20 00:27:16 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2012.07.20 00:27:16 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012.07.20 00:27:16 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2012.07.20 00:27:16 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2012.07.20 00:27:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2012.07.20 00:27:11 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2012.07.20 00:27:11 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2012.07.20 00:27:03 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012.07.20 00:27:03 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012.07.20 00:26:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012.07.20 00:26:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012.07.20 00:26:55 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012.07.20 00:26:55 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012.07.20 00:26:55 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012.07.20 00:26:51 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll

[2012.07.20 00:26:51 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll

[2012.07.20 00:26:43 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2012.07.20 00:26:40 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2012.07.20 00:26:39 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2012.07.20 00:26:38 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012.07.20 00:26:31 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

[2012.07.20 00:26:30 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012.07.20 00:26:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012.07.20 00:26:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012.07.20 00:26:23 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2012.07.20 00:26:23 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2012.07.20 00:26:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax

[2012.07.20 00:26:23 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax

[2012.07.20 00:26:22 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2012.07.20 00:26:22 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll

[2012.07.20 00:26:21 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2012.07.20 00:26:21 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll

[2012.07.20 00:26:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2012.07.20 00:26:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll

[2012.07.20 00:26:21 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2012.07.20 00:26:21 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll

[2012.07.20 00:26:21 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll

[2012.07.20 00:26:21 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2012.07.20 00:26:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2012.07.20 00:26:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2012.07.20 00:26:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2012.07.20 00:26:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2012.07.20 00:26:16 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

[2012.07.20 00:26:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[2012.07.18 11:50:25 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\ImgBurn

[2012.07.18 11:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

[2012.07.18 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn

[2012.07.16 00:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia

[2012.07.16 00:33:48 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\German Truck Simulator

[2012.07.11 01:55:41 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012.07.11 01:55:41 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012.07.11 01:55:40 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012.07.11 01:55:28 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012.07.11 01:55:28 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012.07.11 01:55:28 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012.07.11 01:55:19 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012.07.11 01:55:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012.07.08 23:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.07.08 23:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.06 23:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.08.06 23:31:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

[2012.08.06 22:27:36 | 000,002,975 | ---- | M] () -- C:\Users\admin\Desktop\HiJackThis.lnk

[2012.08.06 20:58:59 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.08.06 20:58:59 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.08.06 20:58:03 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.08.06 20:58:03 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.08.06 20:58:03 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.08.06 20:58:03 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.08.06 20:58:03 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.08.06 20:55:14 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.08.06 20:51:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.08.06 20:51:01 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys

[2012.08.06 16:53:58 | 000,353,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.08.04 18:34:37 | 000,015,872 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.08.04 00:32:58 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.08.04 00:32:58 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.08.03 23:41:44 | 002,292,531 | ---- | M] () -- C:\Users\admin\Desktop\IMG_4541.JPG

[2012.08.03 17:13:42 | 002,359,350 | ---- | M] () -- C:\Windows\ACD Wallpaper.cmp

[2012.08.01 22:38:12 | 000,000,095 | ---- | M] () -- C:\Windows\winamp.ini

[2012.07.29 00:43:01 | 047,099,756 | ---- | M] () -- C:\Users\admin\Desktop\hitzerode waldabschnitt rot.mp4

[2012.07.22 22:23:40 | 000,001,972 | ---- | M] () -- C:\Users\admin\Desktop\DOSBox 0.72.lnk

[2012.07.18 11:41:24 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2012.07.17 00:57:28 | 000,001,228 | ---- | M] () -- C:\Users\admin\Desktop\RocknRolla.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.08.06 22:27:36 | 000,002,975 | ---- | C] () -- C:\Users\admin\Desktop\HiJackThis.lnk

[2012.08.06 20:55:14 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.08.03 23:40:52 | 002,292,531 | ---- | C] () -- C:\Users\admin\Desktop\IMG_4541.JPG

[2012.07.29 00:40:27 | 047,099,756 | ---- | C] () -- C:\Users\admin\Desktop\hitzerode waldabschnitt rot.mp4

[2012.07.22 22:23:40 | 000,001,972 | ---- | C] () -- C:\Users\admin\Desktop\DOSBox 0.72.lnk

[2012.07.18 11:41:24 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk

[2012.07.18 11:41:24 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2012.07.17 00:57:28 | 000,001,228 | ---- | C] () -- C:\Users\admin\Desktop\RocknRolla.lnk

[2012.02.24 18:03:32 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe

[2012.02.06 16:25:38 | 000,000,242 | ---- | C] () -- C:\Windows\wininit.ini

[2012.01.06 19:52:41 | 000,015,872 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.01.04 19:02:29 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini

[2012.01.04 18:08:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012.01.04 18:08:22 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012.01.04 18:08:22 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012.01.04 18:08:22 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011.08.12 09:37:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.08.12 09:37:07 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.08.12 09:37:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011.08.12 09:37:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.08.12 09:37:03 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 

< End of report >

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 23:45 on 06/08/2012 (admin)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

Hoffe mit den Scanns kann mir jemand weiterhelfen!

erinnerung, hoffe mir kann jemand helfen....
nutze den rechner momentan nicht da ich bedenken hab, dass noch was drauf ist.

:hallo:

Problem noch aktuell?

Ja, wie oben geschrieben nutze ich den PC momentan nicht, da ich Bedenken habe ob schon alle Schadsoftware entfernt ist. Ist also noch aktuell.

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*

%APPDATA%\*AcroIEH*.*

%APPDATA%\*.exe

%APPDATA%\*.tmp

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 27.08.2012 04:00:01 - Run 2

OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\admin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,86 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,90% Memory free

7,71 Gb Paging File | 6,08 Gb Available in Paging File | 78,88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 447,66 Gb Total Space | 103,27 Gb Free Space | 23,07% Space Free | Partition Type: NTFS

 

Computer Name: COREI3 | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.08.27 03:35:47 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe

PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2011.07.01 04:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe

PRC - [2011.07.01 04:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2011.07.01 04:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

PRC - [2011.05.20 11:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

PRC - [2011.05.20 11:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.04.22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe

PRC - [2011.03.31 00:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.05.20 11:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

MOD - [2011.05.20 11:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.08.15 09:32:59 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.18 10:54:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011.09.25 22:39:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.08.02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2011.04.22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)

SRV - [2011.03.31 00:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011.03.29 06:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.29 01:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2011.07.14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.07.14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.06.10 20:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.05.16 14:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)

DRV:64bit: - [2011.05.10 05:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2011.05.06 10:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)

DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011.03.31 00:05:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011.01.20 18:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)

DRV:64bit: - [2011.01.20 18:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.11.09 12:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010.10.15 10:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010.07.29 15:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2005.09.23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2082124108-905001588-2276920608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-2082124108-905001588-2276920608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKU\S-1-5-21-2082124108-905001588-2276920608-1001\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found

IE - HKU\S-1-5-21-2082124108-905001588-2276920608-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2082124108-905001588-2276920608-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "hxxp://www.google.com/search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.23 17:27:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 10:54:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.09 19:47:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.01.04 18:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions

[2012.08.26 00:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions

[2012.08.23 17:47:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012.03.02 17:32:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.08.26 00:42:14 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2012.08.23 17:47:05 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions\firefox@ghostery.com

[2012.05.24 22:44:06 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\k98mp3p9.default\extensions\ich@maltegoetz.de

[2012.08.17 02:16:02 | 000,000,853 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\searchplugins\11-suche.xml

[2012.08.17 02:16:02 | 000,002,209 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\searchplugins\englische-ergebnisse.xml

[2012.08.17 02:16:02 | 000,010,506 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\searchplugins\gmx-suche.xml

[2012.08.17 02:16:02 | 000,002,368 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\searchplugins\lastminute.xml

[2012.08.17 02:16:02 | 000,005,489 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\searchplugins\webde-suche.xml

[2012.05.11 20:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012.08.23 17:27:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012.08.23 17:39:25 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K98MP3P9.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI

[2012.08.23 17:47:03 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K98MP3P9.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI

[2012.08.23 17:47:05 | 000,015,029 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K98MP3P9.DEFAULT\EXTENSIONS\YOUTUBEDOWNLOADER@HUANGHO.NET76.NET.XPI

[2012.07.18 10:54:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.07.09 23:12:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.07.09 23:12:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.07.09 23:12:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.07.09 23:12:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.07.09 23:12:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.07.09 23:12:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2082124108-905001588-2276920608-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-2082124108-905001588-2276920608-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start - Verknüpfung.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2082124108-905001588-2276920608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2082124108-905001588-2276920608-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: DhcpNameServer = 192.168.24.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A2C282-5C5C-4D9B-9EB1-60DC40A9953A}: DhcpNameServer = 192.168.123.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.27 03:35:42 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

[2012.08.13 16:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2012.08.08 22:18:51 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012.08.08 22:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012.08.08 22:18:50 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012.08.08 22:18:48 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012.08.08 22:18:47 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012.08.08 22:18:46 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012.08.08 22:18:41 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012.08.08 22:18:40 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012.08.08 22:18:26 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012.08.08 22:18:25 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012.08.08 22:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012.08.08 22:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012.08.06 22:27:36 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012.08.06 22:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012.08.06 20:55:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.08.06 20:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.08.06 00:47:58 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\hellomoto

[2012.08.04 16:46:40 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Neuer Ordner

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.27 03:35:47 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

[2012.08.27 03:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.08.26 21:09:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.08.26 20:31:46 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.08.26 20:31:46 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.08.26 20:31:46 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.08.26 20:31:46 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.08.26 20:31:46 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.08.26 17:12:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.08.26 17:12:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.08.26 17:05:04 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys

[2012.08.23 17:27:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012.08.21 22:52:47 | 002,668,820 | ---- | M] () -- C:\Users\admin\Desktop\IMG_5187.jpg

[2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012.08.19 22:19:22 | 000,004,694 | ---- | M] () -- C:\Users\admin\Desktop\i_3332.jpg

[2012.08.17 01:02:19 | 000,340,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.08.12 00:38:30 | 000,000,095 | ---- | M] () -- C:\Windows\winamp.ini

[2012.08.06 23:45:53 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable

[2012.08.04 18:34:37 | 000,015,872 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.08.03 17:13:42 | 002,359,350 | ---- | M] () -- C:\Windows\ACD Wallpaper.cmp

 
 ========== Files Created - No Company Name ==========

 

[2012.08.21 22:52:46 | 002,668,820 | ---- | C] () -- C:\Users\admin\Desktop\IMG_5187.jpg

[2012.08.19 22:19:15 | 000,004,694 | ---- | C] () -- C:\Users\admin\Desktop\i_3332.jpg

[2012.08.08 22:18:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2012.08.06 23:45:53 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable

[2012.02.24 18:03:32 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe

[2012.02.06 16:25:38 | 000,000,242 | ---- | C] () -- C:\Windows\wininit.ini

[2012.01.06 19:52:41 | 000,015,872 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.01.04 19:02:29 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini

[2012.01.04 18:08:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012.01.04 18:08:22 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012.01.04 18:08:22 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012.01.04 18:08:22 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011.08.12 09:37:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.08.12 09:37:07 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.08.12 09:37:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011.08.12 09:37:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.08.12 09:37:03 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

 
 ========== LOP Check ==========

 

[2012.01.06 19:51:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ACD Systems

[2012.01.27 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Boilsoft

[2012.08.26 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dropbox

[2012.05.18 23:19:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft

[2012.03.02 17:32:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.02.14 01:16:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\elsterformular

[2012.08.06 00:48:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\hellomoto

[2012.01.13 20:34:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird

[2012.01.07 23:54:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ubisoft

[2012.08.18 10:00:08 | 000,000,000 | ---D | M] -- C:\Users\Karl\AppData\Roaming\gnupg

[2009.07.14 07:08:49 | 000,015,498 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.01.06 19:51:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ACD Systems

[2012.01.09 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Adobe

[2012.01.27 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Boilsoft

[2012.02.20 23:55:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CyberLink

[2012.08.26 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dropbox

[2012.05.18 23:19:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft

[2012.03.02 17:32:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.02.14 01:16:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\elsterformular

[2012.08.06 00:48:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\hellomoto

[2012.01.04 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Identities

[2012.08.23 17:51:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Macromedia

[2012.06.10 21:18:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes

[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs

[2012.01.04 20:36:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Player Classic

[2012.06.09 02:01:08 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft

[2012.03.14 23:07:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mIRC

[2012.01.04 18:18:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla

[2012.02.08 17:40:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\NCH Software

[2012.04.15 22:50:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\NVIDIA

[2012.08.27 03:37:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Skype

[2012.01.13 20:34:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird

[2012.01.07 23:54:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ubisoft

[2012.03.02 18:07:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\vlc

[2012.04.26 23:35:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2012.01.04 19:04:37 | 000,053,248 | R--- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{24561814-4815-4387-AC59-05DDEC5AF013}\ACDSee_Dsktp_Shtcut.exe

[2012.01.04 19:04:37 | 000,053,248 | R--- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{24561814-4815-4387-AC59-05DDEC5AF013}\ACDSee_PM_Shtcut.exe

[2012.01.04 19:04:37 | 002,592,768 | R--- | M] (ACD Systems, Ltd.) -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{24561814-4815-4387-AC59-05DDEC5AF013}\ARPPRODUCTICON.exe

[2012.01.04 19:04:37 | 000,012,062 | R--- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{24561814-4815-4387-AC59-05DDEC5AF013}\FotoCanvasLite_Dsktp_Shtcut.exe

[2012.01.04 19:04:37 | 000,012,062 | R--- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{24561814-4815-4387-AC59-05DDEC5AF013}\FotoCanvasLite_PM_Shtcut.exe

[2012.08.06 22:27:36 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

[2008.02.13 09:07:36 | 000,393,216 | ---- | M] () -- C:\Users\admin\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys

[2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 < %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >

[2012.07.20 11:49:39 | 000,000,174 | -HS- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

[2012.07.03 15:29:08 | 000,001,051 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

 
 < %APPDATA%\*AcroIEH*.* >

 
 < %APPDATA%\*.exe >

 
 < %APPDATA%\*.tmp >
 

< End of report >

:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-21-2082124108-905001588-2276920608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-21-2082124108-905001588-2276920608-1001\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found 

IE - HKU\S-1-5-21-2082124108-905001588-2276920608-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE - HKU\S-1-5-21-2082124108-905001588-2276920608-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

FF - prefs.js..browser.search.selectedEngine: "http://www.google.com/search" 

FF - prefs.js..browser.search.useDBForOrder: true 

FF - prefs.js..network.proxy.type: 0 

FF - user.js - File not found 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found 

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 

O4 - HKU\S-1-5-21-2082124108-905001588-2276920608-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 

O4 - Startup: C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start - Verknüpfung.lnk = File not found 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 

O7 - HKU\S-1-5-21-2082124108-905001588-2276920608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 

O7 - HKU\S-1-5-21-2082124108-905001588-2276920608-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 

O32 - HKLM CDRom: AutoRun - 1 

[2012.08.23 17:27:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt 
 
 

[2012.08.06 00:47:58 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\hellomoto 
 

:Files

C:\Users\admin\AppData\Local\{*}

C:\ProgramData\*.exe

C:\ProgramData\TEMP

C:\Users\admin\AppData\Local\Temp\*.exe

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Hi,

kann den Avas scanner im Taskmanger nicht abschiessen, und im Autostartmenue ist er nicht vorhanden. Wie kann ich den abstellen?

MfG
Bandit0815

Zur Not deinstallieren.

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-21-2082124108-905001588-2276920608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2082124108-905001588-2276920608-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f0381dbd-e018-4e07-ae40-d96ab15083f0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\ not found.

HKEY_USERS\S-1-5-21-2082124108-905001588-2276920608-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKU\S-1-5-21-2082124108-905001588-2276920608-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "hxxp://www.google.com/search" removed from browser.search.selectedEngine

Prefs.js: true removed from browser.search.useDBForOrder

Prefs.js: 0 removed from network.proxy.type

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.

Registry value HKEY_USERS\S-1-5-21-2082124108-905001588-2276920608-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.

File move failed. C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start - Verknüpfung.lnk scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found.

Registry value HKEY_USERS\S-1-5-21-2082124108-905001588-2276920608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.

Registry value HKEY_USERS\S-1-5-21-2082124108-905001588-2276920608-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\S-1-5-21-2082124108-905001588-2276920608-1000\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2082124108-905001588-2276920608-1004\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\S-1-5-21-2082124108-905001588-2276920608-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2082124108-905001588-2276920608-1004\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File C:\Windows\SysWow64\config.nt not found.

Folder C:\Users\admin\AppData\Roaming\hellomoto\ not found.

========== FILES ==========

File\Folder C:\Users\admin\AppData\Local\{*} not found.

File\Folder C:\ProgramData\*.exe not found.

File\Folder C:\ProgramData\TEMP not found.

File\Folder C:\Users\admin\AppData\Local\Temp\*.exe not found.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\admin\Desktop\cmd.bat deleted successfully.

C:\Users\admin\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: admin

->Temp folder emptied: 314288 bytes

->Temporary Internet Files folder emptied: 33357 bytes

->FireFox cache emptied: 55517245 bytes

->Flash cache emptied: 492 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Karl

->Temp folder emptied: 669798 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 74538690 bytes

->Flash cache emptied: 869 bytes

 

User: Lydia

->Temp folder emptied: 188984 bytes

->Temporary Internet Files folder emptied: 2535762 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 680 bytes

 

User: Public

 

User: Tim

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1624791 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 245276997 bytes

 

Total Files Cleaned = 363,00 mb

 

 

OTL by OldTimer - Version 3.2.59.1 log created on 09032012_004727
 

Files\Folders moved on Reboot...

File\Folder C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start - Verknüpfung.lnk not found!

File\Folder C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File\Folder C:\Users\admin\AppData\Local\Temp\LMworker.log not found!

File\Folder C:\Users\admin\AppData\Local\Temp\MMDUtl.log not found!

C:\Users\Karl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Karl\AppData\Local\Temp\MMDUtl.log moved successfully.

File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Der Rechner läuft wie vor der Infektion, sauber und stabil. Keine unerwarteten Programmabbrüche oder Systemabstürze.

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.09.03.07
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

admin :: COREI3 [Administrator]
 

03.09.2012 21:34:18

mbam-log-2012-09-03 (21-34-18).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 418298

Laufzeit: 51 Minute(n), 25 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

# AdwCleaner v2.000 - Datei am 09/03/2012 um 22:30:11 erstellt

# Aktualisiert am 30/08/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : admin - COREI3

# Normaler Modus : Normal

# Ausgeführt unter : C:\Users\admin\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gefunden : C:\Program Files (x86)\Conduit

Ordner Gefunden : C:\ProgramData\Trymedia

Ordner Gefunden : C:\Users\admin\AppData\Local\Conduit

Ordner Gefunden : C:\Users\admin\AppData\LocalLow\Conduit

Ordner Gefunden : C:\Users\Lydia\AppData\LocalLow\Conduit

Ordner Gefunden : C:\Users\Lydia\AppData\LocalLow\PriceGong
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKCU\Software\Conduit

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2765711

Schlüssel Gefunden : HKLM\Software\Conduit
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profilname : default 

Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

Profilname : default 

Datei : C:\Users\Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\r7jcozkc.default\prefs.js
 

[OK] Die Datei ist sauber.
 

Profilname : default 

Datei : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\2kzwa2ko.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [1649 octets] - [03/09/2012 22:27:14]

AdwCleaner[R2].txt - [1578 octets] - [03/09/2012 22:30:11]
 

########## EOF - C:\AdwCleaner[R2].txt - [1638 octets] ##########

Sehr gut! :daumenhoc

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Code:

Emsisoft Anti-Malware - Version 6.6

Letztes Update: 04.09.2012 19:51:29
 

Scan Einstellungen:
 

Scan Methode: Detail Scan

Objekte: Rootkits, Speicher, Traces, C:\

Archiv Scan: An

ADS Scan: An
 

Scan Beginn:        04.09.2012 23:54:20
 

Key: hkey_local_machine\software\trymedia systems         gefunden: Trace.Registry.trymedia!E1

Key: hkey_local_machine\software\trymedia systems\activemark software         gefunden: Trace.Registry.trymedia!E1

C:\Users\admin\AppData\Local\Microsoft\Windows\813\80344b5d         gefunden: Trojan.Win32.Ransom!E2

C:\Games\Transport Tycoon Deluxe for Windows\ttdpatchw.exe         gefunden: Riskware.Patch.TTD!E2

C:\Games\Transport Tycoon Deluxe for Windows\TTDLOADW.OVL         gefunden: Packed.Win32.Krap!E2
 

Gescannt        655344

Gefunden        5
 

Scan Ende:        05.09.2012 00:38:39

Scan Zeit:        0:44:19

Code:

# AdwCleaner v2.000 - Datei am 09/04/2012 um 19:35:33 erstellt

# Aktualisiert am 30/08/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : admin - COREI3

# Normaler Modus : Normal

# Ausgeführt unter : C:\Users\admin\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gelöscht : C:\Program Files (x86)\Conduit

Ordner Gelöscht : C:\ProgramData\Trymedia

Ordner Gelöscht : C:\Users\admin\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\Lydia\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\Lydia\AppData\LocalLow\PriceGong
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2765711

Schlüssel Gelöscht : HKLM\Software\Conduit
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profilname : default 

Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

Profilname : default 

Datei : C:\Users\Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\r7jcozkc.default\prefs.js
 

[OK] Die Datei ist sauber.
 

Profilname : default 

Datei : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\2kzwa2ko.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [1649 octets] - [03/09/2012 22:27:14]

AdwCleaner[R2].txt - [1707 octets] - [03/09/2012 22:30:11]

AdwCleaner[S1].txt - [2202 octets] - [04/09/2012 19:35:33]
 

########## EOF - C:\AdwCleaner[S1].txt - [2262 octets] ##########

Sehr gut! :daumenhoc

Lasse die Funde in Quarantaene verschieben, dann:

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6bede0f5cdc15c4d9d977e31b0f07df8

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-10 02:41:52

# local_time=2012-09-10 04:41:52 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 2996195 2996195 0 0

# compatibility_mode=5893 16776573 100 94 198409 98910900 0 0

# compatibility_mode=8192 67108863 100 0 319 319 0 0

# scanned=225652

# found=1

# cleaned=1

# scan_time=7061

F:\!!Restelager!!\vom laptop\zeuch\rld-an27\Crack\solidcore32.dll        a variant of Win32/Kryptik.FM trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte fragen.

ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
Während des Laufs von Combofix nichts anderes am Computer machen!
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".

Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
Bitte nicht in dieses Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es wird ein Backup Deiner Registry erstellt.
Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

Code:

ComboFix 12-09-11.01 - admin 11.09.2012  15:40:58.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3948.2905 [GMT 2:00]

ausgeführt von:: c:\users\admin\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\admin\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf

c:\windows\SysWow64\FlashPlayerInstaller.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-08-11 bis 2012-09-11  ))))))))))))))))))))))))))))))

.

.

2012-09-11 13:46 . 2012-09-11 13:46        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2012-09-11 13:46 . 2012-09-11 13:46        --------        d-----w-        c:\users\***\AppData\Local\temp

2012-09-11 13:46 . 2012-09-11 13:46        --------        d-----w-        c:\users\*****\AppData\Local\temp

2012-09-10 12:37 . 2012-09-10 12:37        73696        ----a-w-        c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-09-08 03:03 . 2012-08-23 08:26        9310152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{565F770E-ABAA-4175-A0F7-B71F9CA87100}\mpengine.dll

2012-09-04 17:38 . 2012-09-10 12:23        --------        d-----w-        c:\program files (x86)\Emsisoft Anti-Malware

2012-09-03 00:57 . 2012-09-03 00:59        --------        d-----w-        c:\program files (x86)\Google

2012-09-03 00:57 . 2012-09-03 00:57        --------        d-----w-        c:\users\admin\AppData\Local\Google

2012-08-31 16:50 . 2012-08-31 16:50        --------        d-----w-        c:\users\admin\.thumbnails

2012-08-31 16:48 . 2012-08-31 16:48        --------        d-----w-        c:\users\admin\AppData\Local\fontconfig

2012-08-31 16:48 . 2012-08-31 16:58        --------        d-----w-        c:\users\admin\.gimp-2.8

2012-08-31 16:48 . 2012-08-31 16:48        --------        d-----w-        c:\users\admin\AppData\Local\gegl-0.2

2012-08-31 16:46 . 2012-08-31 16:47        --------        d-----w-        c:\program files\GIMP 2

2012-08-29 16:11 . 2012-08-29 16:11        --------        d-----w-        C:\_OTL

2012-08-18 08:00 . 2012-08-18 08:00        --------        d-----w-        c:\users\****\AppData\Roaming\gnupg

2012-08-18 07:59 . 2012-08-18 07:59        --------        d-----w-        c:\users\****\AppData\Local\Thunderbird

2012-08-15 20:20 . 2012-02-11 06:43        751104        ----a-w-        c:\windows\system32\win32spl.dll

2012-08-15 20:20 . 2012-02-11 06:36        559104        ----a-w-        c:\windows\system32\spoolsv.exe

2012-08-15 20:20 . 2012-02-11 06:36        67072        ----a-w-        c:\windows\splwow64.exe

2012-08-15 20:20 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\SysWow64\win32spl.dll

2012-08-15 20:20 . 2012-05-05 08:36        503808        ----a-w-        c:\windows\system32\srcore.dll

2012-08-15 20:20 . 2012-05-05 07:46        43008        ----a-w-        c:\windows\SysWow64\srclient.dll

2012-08-15 20:20 . 2012-07-04 22:16        73216        ----a-w-        c:\windows\system32\netapi32.dll

2012-08-15 20:20 . 2012-07-04 22:13        59392        ----a-w-        c:\windows\system32\browcli.dll

2012-08-15 20:20 . 2012-07-04 22:13        136704        ----a-w-        c:\windows\system32\browser.dll

2012-08-15 20:20 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\SysWow64\browcli.dll

2012-08-15 20:20 . 2012-07-18 18:15        3148800        ----a-w-        c:\windows\system32\win32k.sys

2012-08-15 20:20 . 2012-05-14 05:26        956928        ----a-w-        c:\windows\system32\localspl.dll

2012-08-13 14:25 . 2012-08-13 14:25        --------        d-----w-        c:\program files (x86)\Microsoft.NET

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-07 15:04 . 2012-08-06 18:55        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-08-21 09:12 . 2012-08-08 20:18        285328        ----a-w-        c:\windows\system32\aswBoot.exe

2012-08-15 20:37 . 2012-07-19 22:36        62134624        ----a-w-        c:\windows\system32\MRT.exe

2012-08-15 07:32 . 2012-04-21 20:30        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 07:32 . 2011-08-12 07:32        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-06 20:27 . 2012-08-06 20:27        388096        ----a-r-        c:\users\admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 116648]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 116648]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-30 25960]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]

S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-30 2009704]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]

S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]

S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]

S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 07:32]

.

2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 00:57]

.

2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 00:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube Download - c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.123.254

FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\k98mp3p9.default\

FF - prefs.js: browser.search.selectedEngine - 

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Launch Manager\LMutilps32.exe

c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-09-11  15:51:48 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-09-11 13:51

.

Vor Suchlauf: 16 Verzeichnis(se), 58.377.736.192 Bytes frei

Nach Suchlauf: 22 Verzeichnis(se), 57.864.785.920 Bytes frei

.

- - End Of File - - AE4C1936B4FD11C68233ACA8DC5B12AF

Code:

???? ??? Windows Live

???? Windows Live

????? Windows Live

?????? ??????? ?? Windows Live

???????? ?????????? Windows Live

?????????? Windows Live

??????????? ?? Windows Live

ACDSee 4.0.1 Standard

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Registration

Acer Updater

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Boilsoft Video Splitter 6.01

clear.fi

clear.fi Client

D3DX10

Debut Video Capture Software

Dolby Advanced Audio v2

Dropbox

Fotogalerija Windows Live

Foxit Reader

Free Studio version 5.3.5

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galeria fotogràfica del Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Galería fotográfica de Windows Live

Google Earth Plug-in

Google Update Helper

HiJackThis

Identity Card

Intel(R) Control Center

Intel(R) Management Engine Components

Intel(R) Processor Graphics

Intel(R) Rapid Storage Technology

Java Auto Updater

Java(TM) 6 Update 32

Junk Mail filter update

K-Lite Mega Codec Pack 8.0.7

Launch Manager

Malwarebytes Anti-Malware Version 1.65.0.1400

Mesh Runtime

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Mozilla Firefox 15.0.1 (x86 de)

Mozilla Maintenance Service

Mozilla Thunderbird 15.0 (x86 de)

MSVCRT

MSVCRT_amd64

NVIDIA PhysX

PDF24 Creator 4.1.2

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Pošta Windows Live

Raccolta foto di Windows Live

Realtek High Definition Audio Driver

S?????? f?t???af??? t?? Windows Live

Samsung Universal Scan Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype™ 5.10

Tinypic 3.18

Trillian

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 1.1.11

Welcome Center

Winamp (remove only)

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Galeria de Fotos

Windows Live Galerija fotografija

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

Code:

PluginCheck
 

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.

Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
 

    Firefox 15.0.1 ist aktuell
 

    Flash (11,4,402,265) ist aktuell.
 

    Java (1,7,0,7) ist aktuell.
 

    Adobe Reader ist nicht installiert oder aktiviert

Code:

PluginCheck
 

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.

Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
 

    Firefox 15.0.1 ist aktuell
 

    Flash (11,4,402,265) ist aktuell.
 

    Java (1,7,0,7) ist aktuell.
 

    Adobe Reader ist nicht installiert oder aktiviert.

Java deaktivieren!

Sehr gut! :daumenhoc

damit bist Du sauber und entlassen! :)

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

Kommt zwar spät, war aber ne ganze Weile verhindert.....

DANKE für die super Hilfe!!! Ohne dieses Forum und t´john hätte es bestimmt ewig gedauert.

NOCHMAL EIN FETTES DANKESCHÖN!!!