Trojaner-Board - Iexplore.exe 32 im Taskmanager startet sich selbst 3 mal /

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Iexplore.exe 32 im Taskmanager startet sich selbst 3 mal / (https://www.trojaner-board.de/131202-iexplore-exe-32-taskmanager-startet-selbst-3-mal.html)

Iexplore.exe 32 im Taskmanager startet sich selbst 3 mal /

Hallo Trojaner Board,
also ich habe folgendes Problem, dass seit einiger Zeit habe im Task-Manager unter laufende Prozesse drei namens IEXPLORE.EXE.32 auftauchen und jede Menge Arbeitsspeicher in Anspruch nehmen. Wenn ich die Prozesse beende, ist 1 sekunde später sofort wieder ein neuer da. Die Prozesse verweisen beide auf C:/Programme/InternetExplorer/iexplore.exe! Videos stocken im Internet Explorer, auch ansonsten ist die Verbindung sehr sehr langsam.

Vielen DANK für eure Hilfe!

Hier die Log File von OTL:

Code:

OTL logfile created on: 17.02.2013 23:32:16 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,91% Memory free

9,65 Gb Paging File | 8,12 Gb Available in Paging File | 84,18% Paging File free

Paging file location(s): c:\pagefile.sys 6138 6138 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284,56 Gb Total Space | 7,13 Gb Free Space | 2,51% Space Free | Partition Type: NTFS

Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.02.17 06:11:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2009.07.24 18:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

PRC - [2009.07.23 11:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NlsSrv32.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2009.07.24 18:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll

MOD - [2009.07.24 18:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll

MOD - [2009.07.24 18:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll

MOD - [2009.07.23 11:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2012.09.25 14:27:20 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2011.05.13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2010.03.23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.03.02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)

SRV - [2013.02.16 12:01:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.02.09 19:54:10 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)

SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2012.02.23 19:52:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.09.23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010.03.23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NlsSrv32.exe -- (nlsX86cc)

SRV - [2009.03.02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)

SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012.08.03 20:38:55 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2012.08.03 20:38:05 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)

DRV:64bit: - [2012.06.28 21:37:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012.06.20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)

DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)

DRV:64bit: - [2011.10.14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)

DRV:64bit: - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)

DRV:64bit: - [2011.05.26 20:49:28 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)

DRV:64bit: - [2011.05.13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011.05.13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010.03.23 13:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2010.02.25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)

DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)

DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009.03.09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)

DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)

DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)

DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)

DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)

DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2003.04.18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/

IE - HKCU\..\SearchScopes,DefaultScope = {04C168DE-3056-4DD3-A997-227ADB753E50}

IE - HKCU\..\SearchScopes\{04C168DE-3056-4DD3-A997-227ADB753E50}: "URL" = hxxp://www.google.de/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.faz.net"

FF - prefs.js..extensions.enabledAddons: adapter%40babylontc.com:1.0.0.1

FF - prefs.js..extensions.enabledAddons: ocr%40babylon.com:1.1

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1

FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3

FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - prefs.js..keyword.URL: "hxxp://www.ergative.com/search.php?q="

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 21:36:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.19 12:26:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.10 22:45:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.16 12:01:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.16 12:01:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 21:36:01 | 000,000,000 | ---D | M]

 

[2012.09.04 10:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2013.01.29 16:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\71bm362o.default\extensions

[2013.01.20 18:18:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\71bm362o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012.10.28 22:40:05 | 000,021,707 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\adapter@babylontc.com.xpi

[2012.10.28 22:40:05 | 000,008,053 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\ocr@babylon.com.xpi

[2013.01.16 22:08:03 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

[2013.01.29 16:28:54 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2012.09.04 10:48:38 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi

[2013.01.20 18:18:29 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

[2012.12.19 12:40:11 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\searchplugins\sweetim.xml

[2013.02.16 12:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013.02.16 12:01:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2009.11.06 17:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2009.11.06 17:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2013.02.10 13:44:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.09.11 13:23:14 | 000,005,137 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml

[2013.02.10 13:44:35 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

 

O1 HOSTS File: ([2013.02.16 22:17:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Vertrauenswürdige Sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Vertrauenswürdige Sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Vertrauenswürdige Sites)

O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Vertrauenswürdige Sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)

O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab (Emsisoft Web Malware Scan)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.13.2)

O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1003CBEC-F7D5-466D-B0DF-23B5A3219CAA}: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B7970C-4514-485A-9B59-A6C32002E811}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA92405A-2AA9-4546-964D-8016BF7078D0}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD92F0B3-F6AE-42E5-A2EB-250EB86FA7E6}: DhcpNameServer = 192.168.42.129

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.17 10:55:58 | 000,000,000 | ---D | C] -- C:\_OTL

[2013.02.17 10:45:52 | 000,000,000 | ---D | C] -- C:\Remove

[2013.02.17 10:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan

[2013.02.17 10:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager

[2013.02.17 06:16:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013.02.17 06:11:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2013.02.16 22:18:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013.02.16 22:00:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.02.16 22:00:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.02.16 22:00:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.02.16 21:40:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.02.16 20:58:13 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Windows\SysNative\remover.exe

[2013.02.16 20:45:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs

[2013.02.16 20:15:02 | 000,024,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\atapi_copy.sys

[2013.02.16 20:03:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Auslogics

[2013.02.16 18:22:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics

[2013.02.16 12:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.02.14 20:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6

[2013.02.14 20:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike 1.6

[2013.02.13 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Scans

[2013.02.13 12:27:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013.02.13 12:27:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013.02.13 12:27:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.02.13 12:27:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.02.13 12:27:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013.02.13 12:27:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013.02.13 12:27:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013.02.13 12:27:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013.02.13 12:27:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013.02.13 12:27:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.02.13 12:27:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013.02.13 12:27:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.02.13 12:27:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.02.13 12:27:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.02.13 12:27:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013.02.13 11:57:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013.02.13 11:57:10 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013.02.13 11:57:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013.02.13 11:56:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013.02.13 11:56:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013.02.13 11:56:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013.02.13 11:56:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013.02.13 11:56:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013.02.13 11:56:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013.02.13 11:56:47 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2013.02.12 23:24:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kirsten Meyer

[2013.02.12 21:38:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kristina Simona Montagova

[2013.02.12 21:24:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Erfolgreich recherchieren

[2013.02.10 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings

[2013.02.10 22:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2013.02.10 22:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

[2013.02.10 22:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared

[2013.02.06 12:54:54 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013.02.06 12:54:36 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013.02.06 12:54:36 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013.02.06 12:54:36 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013.01.27 02:14:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wie wir leben wollen

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.17 23:15:34 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.02.17 23:04:52 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.02.17 23:04:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.02.17 23:04:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.02.17 11:04:53 | 000,026,192 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.02.17 11:04:53 | 000,026,192 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.02.17 10:59:59 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job

[2013.02.17 10:58:42 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.17 09:06:12 | 001,659,590 | ---- | M] () -- C:\Users\***\Desktop\1.gif

[2013.02.17 09:06:11 | 000,728,508 | ---- | M] () -- C:\Users\***\Desktop\3.gif

[2013.02.17 08:48:16 | 001,531,094 | ---- | M] () -- C:\Users\***\Desktop\8448703898_7cf6bd8922_h.jpg

[2013.02.17 06:11:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2013.02.16 22:17:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013.02.16 21:24:12 | 000,007,602 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg

[2013.02.16 20:53:20 | 000,024,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\atapi_copy.sys

[2013.02.16 13:21:12 | 001,668,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.02.16 13:21:12 | 000,717,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.02.16 13:21:12 | 000,669,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.02.16 13:21:12 | 000,157,550 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.02.16 13:21:12 | 000,128,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.02.15 18:03:08 | 034,397,496 | ---- | M] () -- C:\Users\***\Desktop\adastra neu.wav

[2013.02.13 13:02:18 | 000,196,915 | ---- | M] () -- C:\Windows\hpoins39.dat

[2013.02.13 12:47:58 | 004,992,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.02.13 01:14:32 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz

[2013.02.13 01:08:44 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz

[2013.02.13 00:01:17 | 000,292,255 | ---- | M] () -- C:\Users\***\Desktop\Ingrid Ferran - Über den Neid. Eine phänomenologische Untersuchung.pdf

[2013.02.12 18:53:36 | 001,855,352 | ---- | M] () -- C:\Users\***\Desktop\Über das Symbol des Todes in Thomas Bernhards Lyrik.pdf

[2013.02.12 14:58:43 | 000,000,278 | ---- | M] () -- C:\Users\***\Desktop\oldenbourg-link - Journal - Table of Contents.url

[2013.02.09 19:54:08 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.02.09 19:54:08 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.02.06 12:54:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013.02.06 12:54:20 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013.02.06 12:54:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013.02.06 12:54:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2013.02.06 12:54:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013.02.06 12:54:18 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013.02.03 20:36:47 | 000,251,185 | ---- | M] () -- C:\Users\***\Desktop\Ulrich Seidl - Ein Blick in die Hölle.pdf

[2013.01.27 02:59:05 | 000,000,014 | ---- | M] () -- C:\Windows\SysWow64\tmpPrst.tgz

[2013.01.24 01:13:34 | 000,420,065 | ---- | M] () -- C:\Users\***\Desktop\Poststrukturalismus - Systemtheorie.pdf

[2013.01.22 18:20:06 | 000,141,733 | ---- | M] () -- C:\Users\***\Desktop\Marshall McLuhan - Das Medium ist die Botschaft.pdf

 
 ========== Files Created - No Company Name ==========

 

[2013.02.17 09:07:08 | 001,659,590 | ---- | C] () -- C:\Users\***\Desktop\1.gif

[2013.02.17 09:07:01 | 000,728,508 | ---- | C] () -- C:\Users\***\Desktop\3.gif

[2013.02.17 08:48:25 | 001,531,094 | ---- | C] () -- C:\Users\***\Desktop\8448703898_7cf6bd8922_h.jpg

[2013.02.16 22:00:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.02.16 22:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.02.16 22:00:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.02.16 22:00:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.02.16 22:00:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.02.15 19:31:31 | 034,397,496 | ---- | C] () -- C:\Users\***\Desktop\adastra neu.wav

[2013.02.13 00:01:17 | 000,292,255 | ---- | C] () -- C:\Users\***\Desktop\Ingrid Ferran - Über den Neid. Eine phänomenologische Untersuchung.pdf

[2013.02.12 18:59:59 | 357,307,383 | ---- | C] () -- C:\Users\***\Desktop\Wörterbuch der Kollokationen.pdf

[2013.02.12 18:53:36 | 001,855,352 | ---- | C] () -- C:\Users\***\Desktop\Über das Symbol des Todes in Thomas Bernhards Lyrik.pdf

[2013.02.12 14:58:56 | 000,000,278 | ---- | C] () -- C:\Users\***\Desktop\oldenbourg-link - Journal - Table of Contents.url

[2013.02.03 20:36:45 | 000,251,185 | ---- | C] () -- C:\Users\***\Desktop\Ulrich Seidl - Ein Blick in die Hölle.pdf

[2013.01.27 02:59:05 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\tmpPrst.tgz

[2013.01.24 01:13:34 | 000,420,065 | ---- | C] () -- C:\Users\***\Desktop\Poststrukturalismus - Systemtheorie.pdf

[2013.01.22 18:20:06 | 000,141,733 | ---- | C] () -- C:\Users\***\Desktop\Marshall McLuhan - Das Medium ist die Botschaft.pdf

[2012.07.05 02:54:49 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdce.ini

[2012.07.05 02:53:07 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdih.ini

[2012.07.05 02:53:02 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdko.ini

[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdpe.ini

[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdmk.ini

[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdhj.ini

[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdfg.ini

[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdai.ini

[2012.07.05 02:16:25 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll

[2012.07.05 02:16:25 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll

[2012.07.05 02:16:25 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll

[2012.07.05 01:32:01 | 000,000,099 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat

[2012.05.30 11:20:34 | 000,001,083 | ---- | C] () -- C:\Windows\lightworks.ini

[2012.05.28 20:33:58 | 000,000,205 | ---- | C] () -- C:\Users\***\.swfinfo

[2012.05.10 23:11:57 | 000,000,403 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2012.04.12 22:04:56 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db

[2012.03.20 16:20:06 | 000,000,208 | ---- | C] () -- C:\Users\***\defogger_reenable

[2012.03.05 18:30:55 | 000,000,034 | ---- | C] () -- C:\Windows\DTLite.INI

[2012.02.23 21:23:35 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll

[2012.02.16 00:35:20 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012.02.16 00:35:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012.01.17 09:17:32 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{B9A2CC7C-E572-4C7E-9A7C-573B0FF0BEFE}

[2012.01.12 23:16:57 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2011.12.04 13:14:00 | 000,038,432 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR

[2011.12.04 13:13:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.12.04 13:12:50 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR

[2011.09.28 22:18:53 | 000,000,055 | ---- | C] () -- C:\Users\***\AppData\Roaming\Win-HaBu.ini

[2011.08.04 01:00:59 | 000,209,177 | ---- | C] () -- C:\Windows\hpoins39.dat.temp

[2011.08.04 01:00:59 | 000,000,629 | ---- | C] () -- C:\Windows\hpomdl39.dat.temp

[2011.08.03 15:25:33 | 000,000,298 | ---- | C] () -- C:\Windows\Clony2.ini

[2011.07.15 16:24:52 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys

[2011.07.15 16:24:52 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys

[2011.05.26 20:35:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll

[2011.03.23 02:27:53 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini

[2011.02.19 12:19:00 | 000,007,602 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg

[2010.05.17 15:23:34 | 000,012,288 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.04.15 15:35:48 | 003,198,860 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.JPG

[2010.04.15 15:35:46 | 003,088,891 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.0

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A303874F
 

< End of report >

hi
wieso hast du einfach sinnloser weise irgendwelche tools ausgeführt, deren Logs du warscheinlich nicht selbst auswerten kannst?
wo sind die Berichte, tdss killer, combofix und was du sonst so ausgeführt hast?

Ja, ich weiß dass das ein Fehler war...Ich habe die Logs nicht mehr, ich dachte nicht dass sie noch gebraucht werden. Das tut mir leid. Bekomme ich den trotzdem Hilfe?

c:\tdsskiller-datum-version.txt suchen, öffnen inhalt posten.
c:\combofix.txt bzw log.txt suchen, inhalt posten.

Ich habe die Logs gelöscht..

toll...

warum sollte man uns die Auswertung auch einfach machen.
öffne c:\qoobox\quarantainedfiles.txt, inhalt posten

Es tut mir leid, ich weiß dass war dumm..

Code:

2013-02-16 21:24:12 . 2013-02-16 21:24:12               80 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat

2013-02-16 21:24:12 . 2013-02-16 21:24:12              237 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{594D4122-1F87-41E2-96C7-825FB4796516}.reg.dat

2013-02-16 21:11:28 . 2013-02-16 21:11:28           16,050 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2013-02-16 20:59:57 . 2013-02-16 20:59:57               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log

2013-02-16 19:45:47 . 2013-02-16 19:45:48          710,504 ----a-w-  C:\Qoobox\Quarantine\C\Windows\isRS-000.tmp.vir

2013-01-27 01:59:05 . 2013-02-13 00:14:32               73 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\ssprs.dll.vir

2013-01-27 01:59:05 . 2013-02-13 00:08:44              205 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\lsprst7.dll.vir

2013-01-27 01:59:05 . 2013-01-27 01:59:05                0 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmpPrst.dll.vir

aber die Malwarebytes logs sind sicher noch da...
http://www.trojaner-board.de/125889-...en-posten.html

ja, allerdings ohne Funde...

Code:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org
 

Datenbank Version: v2013.02.16.05
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Imre Rudolf :: ***F-PC [Administrator]
 

17.02.2013 05:56:55

mbam-log-2013-02-17 (05-56-55).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 159453

Laufzeit: 33 Minute(n), 31 Sekunde(n) [Abgebrochen]
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Das Super AntiSpiware Log:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 02/17/2013 at 08:44 AM
 

Application Version : 5.6.1014
 

Core Rules Database Version : 10017

Trace Rules Database Version: 7829
 

Scan type       : Complete Scan

Total Scan Time : 02:16:28
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator
 

Memory items scanned      : 615

Memory threats detected   : 0

Registry items scanned    : 77415

Registry threats detected : 0

File items scanned        : 195019

File threats detected     : 115
 

Adware.Tracking Cookie

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\3REJUVSJ.txt [ /ww251.smartadserver.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\5E38B7BO.txt [ /imrworldwide.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\XAHIKQ5K.txt [ /adformdsp.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\02K3WLX1.txt [ /zanox-affiliate.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\C7PDZ6W7.txt [ /tradedoubler.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\VJ3A2APB.txt [ /ad4.adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1GO3S51R.txt [ /doubleclick.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\204EOYVH.txt [ /ad.zanox.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Q6JNI55K.txt [ /server.adform.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NDUFLHSN.txt [ /ad-vice.biz ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EO08AU9L.txt [ /ru4.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DDAKQFPP.txt [ /estat.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\8ZI4AOKP.txt [ /track.hubrus.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2C47SJYY.txt [ /atdmt.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\D79L0VNU.txt [ /invitemedia.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SDG1D511.txt [ /www.zanox-affiliate.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\W5E31F3C.txt [ /ad3.adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\S9C61CPD.txt [ /unister-adservices.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DJJJM4C8.txt [ /questionmarket.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BKDQOEA6.txt [ /webmasterplan.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BVQQB68O.txt [ /tracking.quisma.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2F7H3PM5.txt [ /ad.adc-serv.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Z5SH0PO0.txt [ /server.adformdsp.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NUDLR9BP.txt [ /zanox.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\OL985WF7.txt [ /adtechus.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\MA3TD0GF.txt [ /ads.creative-serving.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\LVQTZ0OU.txt [ /smartadserver.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\V76LCTZ3.txt [ /adx.chip.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\82USMCWC.txt [ /advertising.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2PGBV858.txt [ /ad.360yield.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\VZVV9DOE.txt [ /mediaplex.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\UGBR9EH1.txt [ /serving-sys.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\I5H7QT3L.txt [ /burstnet.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\4KWKQ24W.txt [ /media6degrees.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2SG89E0K.txt [ /de.sitestat.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PLDRLDWY.txt [ /stats4free.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\CPYEKEQB.txt [ /at.atwola.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WU15827Y.txt [ /ad.piximedia.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\P5YM9A8Y.txt [ /ad.yieldmanager.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\457G2Q0D.txt [ /fr.sitestat.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\AD8RI86B.txt [ /revsci.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\J8MFWXL5.txt [ /adform.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\GN0CKCXZ.txt [ /statcounter.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SUSE62Z1.txt [ /tribalfusion.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\6DB9BVBV.txt [ /unitymedia.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\0G2QD950.txt [ /ad1.adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\0XSROYXD.txt [ /adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\CY30P6O4.txt [ /im.banner.t-online.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\IAHVHHTT.txt [ /casalemedia.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\B3LPJ6AL.txt [ /a.intentmedia.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2PQMWW2F.txt [ /collective-media.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\5W6KMPEA.txt [ /bs.serving-sys.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\IUNW2VKK.txt [ /specificclick.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\47UEGWAT.txt [ /apmebf.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\CUMK5814.txt [ /track.adform.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\5TJARQS1.txt [ /banner.t-online.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\N6U5LPXY.txt [ /ad.movad.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\00Q0ZKFU.txt [ /vinsight.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\4XALTH4W.txt [ /lucidmedia.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\B9NKSQJ3.txt [ /ad2.adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NPG4GF6F.txt [ /adtech.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NZMV72LX.txt [ /ad.ad-srv.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\IMUR2C0B.txt [ /www.googleadservices.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\4APJKIV1.txt [ /ad.dyntracker.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2RK88GB2.txt [ /adinterax.com ]

        C:\USERS\***\Cookies\3REJUVSJ.txt [ Cookie:***@ww251.smartadserver.com/ ]

        C:\USERS\***\Cookies\02K3WLX1.txt [ Cookie:***@zanox-affiliate.de/ ]

        C:\USERS\***\Cookies\C7PDZ6W7.txt [ Cookie:***@tradedoubler.com/ ]

        C:\USERS\***\Cookies\VJ3A2APB.txt [ Cookie:***@ad4.adfarm1.adition.com/ ]

        C:\USERS\***\Cookies\1GO3S51R.txt [ Cookie:***@doubleclick.net/ ]

        C:\USERS\***\Cookies\Q6JNI55K.txt [ Cookie:***@server.adform.net/ ]

        C:\USERS\***\Cookies\EO08AU9L.txt [ Cookie:***@ru4.com/ ]

        C:\USERS\***\Cookies\2C47SJYY.txt [ Cookie:***@atdmt.com/ ]

        C:\USERS\***\Cookies\D79L0VNU.txt [ Cookie:***@invitemedia.com/ ]

        C:\USERS\***\Cookies\W5E31F3C.txt [ Cookie:***@ad3.adfarm1.adition.com/ ]

        C:\USERS\***\Cookies\S9C61CPD.txt [ Cookie:***@unister-adservices.com/ ]

        C:\USERS\***\Cookies\DJJJM4C8.txt [ Cookie:***@questionmarket.com/ ]

        C:\USERS\***\Cookies\BKDQOEA6.txt [ Cookie:***@webmasterplan.com/ ]

        C:\USERS\***\Cookies\BVQQB68O.txt [ Cookie:***@tracking.quisma.com/ ]

        C:\USERS\***\Cookies\Z5SH0PO0.txt [ Cookie:***@server.adformdsp.net/ ]

        C:\USERS\***\Cookies\OL985WF7.txt [ Cookie:***@adtechus.com/ ]

        C:\USERS\***\Cookies\LVQTZ0OU.txt [ Cookie:***@smartadserver.com/ ]

        C:\USERS\***\Cookies\V76LCTZ3.txt [ Cookie:***@adx.chip.de/ ]

        C:\USERS\***\Cookies\82USMCWC.txt [ Cookie:***@advertising.com/ ]

        C:\USERS\***\Cookies\UGBR9EH1.txt [ Cookie:***@serving-sys.com/ ]

        C:\USERS\***\Cookies\4KWKQ24W.txt [ Cookie:***@media6degrees.com/ ]

        C:\USERS\***\Cookies\2SG89E0K.txt [ Cookie:***@de.sitestat.com/idgcom-de/pcwelt/ ]

        C:\USERS\***\Cookies\PLDRLDWY.txt [ Cookie:***@stats4free.de/ ]

        C:\USERS\***\Cookies\CPYEKEQB.txt [ Cookie:***@at.atwola.com/ ]

        C:\USERS\***\Cookies\P5YM9A8Y.txt [ Cookie:***@ad.yieldmanager.com/ ]

        C:\USERS\***\Cookies\457G2Q0D.txt [ Cookie:***@fr.sitestat.com/euronews/euronews/ ]

        C:\USERS\***\Cookies\SUSE62Z1.txt [ Cookie:***@tribalfusion.com/ ]

        C:\USERS\***\Cookies\0XSROYXD.txt [ Cookie:***@adfarm1.adition.com/ ]

        C:\USERS\***\Cookies\IAHVHHTT.txt [ Cookie:***@casalemedia.com/ ]

        C:\USERS\***\Cookies\B3LPJ6AL.txt [ Cookie:***@a.intentmedia.net/ ]

        C:\USERS\***\Cookies\2PQMWW2F.txt [ Cookie:***@collective-media.net/ ]

        C:\USERS\***\Cookies\5W6KMPEA.txt [ Cookie:***@bs.serving-sys.com/ ]

        C:\USERS\***\Cookies\IUNW2VKK.txt [ Cookie:***@specificclick.net/ ]

        C:\USERS\***\Cookies\47UEGWAT.txt [ Cookie:***@apmebf.com/ ]

        C:\USERS\***\Cookies\CUMK5814.txt [ Cookie:***@track.adform.net/ ]

        C:\USERS\***\Cookies\00Q0ZKFU.txt [ Cookie:***@vinsight.de/ ]

        C:\USERS\***\Cookies\4XALTH4W.txt [ Cookie:***@lucidmedia.com/ ]

        C:\USERS\***\Cookies\B9NKSQJ3.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]

        C:\USERS\***\Cookies\NPG4GF6F.txt [ Cookie:***@adtech.de/ ]

        C:\USERS\***\Cookies\IMUR2C0B.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/960449084/ ]

        C:\USERS\***\Cookies\4APJKIV1.txt [ Cookie:***@ad.dyntracker.de/ ]

        C:\USERS\***\Cookies\2RK88GB2.txt [ Cookie:***@adinterax.com/ ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1XNWTANP.txt [ /server.adform.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Z8B6YTKU.txt [ /revsci.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\N4C126JI.txt [ /adform.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\JM7SPKJ5.txt [ /adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9FXS46E9.txt [ /ad2.adfarm1.adition.com ]

        C:\USERS\***\Cookies\1XNWTANP.txt [ Cookie:***@server.adform.net/ ]

        C:\USERS\***\Cookies\JM7SPKJ5.txt [ Cookie:***@adfarm1.adition.com/ ]

        C:\USERS\***\Cookies\9FXS46E9.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]

hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

hier die programmliste:

Code:

Acrobat.com        Adobe Systems Incorporated        01.10.2009        1,60MB        1.6.65 notwendig

Adobe AIR        Adobe Systems Incorporated        25.09.2012                3.4.0.2540 notwendig

Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        08.02.2013        6,00MB        11.5.502.149 notwendig

Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        09.02.2013        6,00MB        11.5.502.149 notwendig

Adobe Reader X (10.1.5) - Deutsch        Adobe Systems Incorporated        12.01.2013        121MB        10.1.5 notwendig

Adobe Shockwave Player 11.5        Adobe Systems, Inc.        19.04.2012                11.5.9.620 notwendig

AMD USB Filter Driver        Advanced Micro Devices, Inc.        24.11.2009        56,0KB        1.0.10.84 notwendig

Ashampoo Burning Studio 2010        ashampoo GmbH & Co. KG        14.04.2010                9.12 notwendig

Atheros Driver Installation Program        Atheros        24.11.2009                5.0  unbekannt

ATI Catalyst Install Manager        ATI Technologies, Inc.        24.11.2009        18,2MB        3.0.732.0

avast! Free Antivirus        AVAST Software        19.11.2012                 7.0.1474.0 notwendig

AviSynth 2.5                19.04.2012 unbekannt                

calibre        Kovid Goyal        06.10.2011        121MB        0.8.21 unbekannt

CCleaner        Piriform        04.12.2012 notwendig                

Cisco AnyConnect Secure Mobility Client        Cisco Systems, Inc.        11.09.2012                3.1.00495 notwendig

Citavi        Swiss Academic Software        21.06.2012        69,2MB        3.2.0.0 notwendig

Classic Shell        IvoSoft        14.04.2010        2,23MB        1.0.3 notwendig

Compatibility Pack für 2007 Office System        Microsoft Corporation        12.01.2013        292MB        12.0.6612.1000

Counter-Strike 1.6                14.02.2013 notwendig                

D - metallbaupraxis 2010.2 (September)                03.08.2011        539MB notwendig        

DAEMON Tools Lite        DT Soft Ltd        28.06.2012                4.45.4.0314 notwendig

Digitale Bibliothek 5                19.04.2012 notwendig                

DivX-Setup        DivX, LLC        10.02.2013                2.6.1.22 notwendig

DVD Flick 1.3.0.7        Dennis Meuwissen        23.12.2011                1.3.0.7 notwendig

DVD Shrink 3.2        DVD Shrink        06.11.2012 notwendig                

ENE CIR Receiver Driver        ENE        24.11.2009        2.7.4.0 notwendig

FL Studio 10        Image-Line        19.04.2012 notwendig                

FL Studio 8        Image-Line bvba        19.04.2012 notwendig                

HP 3D DriveGuard        Hewlett-Packard        24.11.2009        3,27MB        4.0.3.1 unbekannt

HP Advisor        Hewlett-Packard        01.10.2009        48,2MB        3.2.8946.3086

HP Customer Experience Enhancements        Hewlett-Packard        01.10.2009                5.7.0.3036 unbekannt

HP Customer Participation Program 14.0        HP        16.11.2011                14.0 unbekannt

HP Imaging Device Functions 14.0        HP        16.11.2011                14.0 unbekannt

HP MediaSmart DVD        Hewlett-Packard        24.11.2009        101MB        3.0.3123 notwendig

HP MediaSmart Internet TV        Hewlett-Packard        24.11.2009        52,2MB        3.0.1916 notwendig

HP MediaSmart Live TV        Hewlett-Packard        24.11.2009        77,6MB        3.0.1924 notwendig

HP MediaSmart Music/Photo/Video        Hewlett-Packard        24.11.2009        401MB        3.0.3123 notwendig

HP MediaSmart SmartMenu        Hewlett-Packard        24.11.2009        1,85MB        3.0.30.1 notwendig

HP MediaSmart Webcam        Hewlett-Packard        07.03.2011        134MB        4.0.2626 notwendig

HP Photo Creations        HP Photo Creations Powered by RocketLife        19.04.2012        14,6MB        1.0.0.2024 unbekannt

HP Photosmart Wireless B109n-z All-in-One Driver 14.0 Rel. 6        HP        04.08.2011                14.0 notwendig

HP Product Detection        Hewlett-Packard Company        04.08.2011        1,90MB        10.7.9.0 unbekannt

HP Quick Launch Buttons        Hewlett-Packard        01.10.2009                6.50.3.1 unbekannt

HP Setup        Hewlett-Packard        01.10.2009                1.2.3220.3079 unbekannt

HP Smart Web Printing 4.60        HP        16.11.2011                4.60 unbekannt

HP Solution Center 14.0        HP        16.11.2011                14.0 unbekannt

HP Support Assistant        Hewlett-Packard        01.10.2009        24,3MB        4.1.11.3 unbekannt

HP Update        Hewlett-Packard        16.11.2011        2,51MB        5.002.002.002 unbekannt

HP User Guides 0154        Hewlett-Packard        01.10.2009        153MB        1.01.0001 unbekannt

HP Wireless Assistant        Hewlett-Packard        01.10.2009        3,97MB        3.50.9.1 unbekannt

HTC BMP USB Driver        HTC        08.04.2011        284KB        1.0.5375 unbekannt

HTC Driver Installer        HTC Corporation        25.09.2012        2,23MB        3.0.0.021 unbekannt

HTC Sync        HTC Corporation        25.09.2012        47,1MB        3.2.20 unbekannt

IDT Audio        IDT        24.11.2009                1.0.6225.0 unbekannt

IL Download Manager        Image-Line        19.04.2012 notwendig                

Java 7 Update 13        Oracle        06.02.2013        129MB        7.0.130 notwendig

JDownloader        AppWork UG (haftungsbeschränkt)        19.04.2012 notwendig                

Korg Legacy Collection v1.1.2                05.07.2012 notwendig                

LG USB Modem Drivers        LG Electronics        10.04.2011        1,20MB        4.9.7 unnötig

Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        16.02.2013        18,4MB        1.70.0.1100 notwendig

Microsoft .NET Framework 1.1                05.07.2012                

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        14.09.2010        38,8MB        4.0.30319 unbekannt

Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        14.09.2010        2,93MB        4.0.30319 unbekannt

Microsoft .NET Framework 4 Extended        Microsoft Corporation        10.05.2012        51,9MB        4.0.30319  unbekannt

Microsoft Office File Validation Add-In        Microsoft Corporation        14.09.2011        7,95MB        14.0.5130.5003 unbekannt

Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        12.01.2013        109MB        12.0.6612.1000 notwendig        

Microsoft Office Professional Plus 2010        Microsoft Corporation        19.04.2012                14.0.6029.1000 notwendig

Microsoft Office Suite Activation Assistant        Microsoft Corporation        01.10.2009        8,36MB        2.9 notwendig

Microsoft Silverlight        Microsoft Corporation        17.05.2012        50,6MB        5.1.10411.0 unbekannt

Microsoft Silverlight 3 SDK        Microsoft Corporation        16.05.2010        31,6MB        3.0.40624.0 unbekannt

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        15.04.2010        260KB        8.0.50727.4053 unbekannt

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        15.04.2010        252KB        8.0.50727.4053 unbekannt

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        300KB        8.0.59193 unbekannt

Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        11.05.2012        3,00MB        8.0.61000 unbekannt

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175        Microsoft Corporation        09.05.2011        580KB        8.0.51011 unbekannt 

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        15.04.2010        200KB        9.0.30729.4148 unbekannt

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        09.05.2011        598KB        9.0.30729.5570 unbekannt

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        11.05.2012        780KB        9.0.30729 unbekannt

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        13.05.2012        788KB        9.0.30729.6161 unbekannt

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        08.06.2010        13,5MB        9.0.21022 unbekannt

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411        Microsoft Corporation        05.08.2011        1,46MB        9.0.30411 unbekannt

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        24.11.2009        596KB        9.0.30729 unbekannt

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        13.06.2010        594KB        9.0.30729.4148 unbekannt

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        600KB        9.0.30729.6161 unbekannt

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        06.03.2012        13,8MB        10.0.40219 unbekannt

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        06.03.2012        15,0MB        10.0.40219 unbekannt

Monopoly Deluxe        Zylom Games        19.04.2012                1.0.0 notwendig

Morphine        Image-Line bvba        19.04.2012 notwendig                

Mozilla Firefox 18.0.2 (x86 en-US)        Mozilla        17.02.2013        44,0MB        18.0.2 notwendig

Mozilla Maintenance Service        Mozilla        17.02.2013        330KB        18.0.2 notwendig

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        15.04.2010        1,27MB        4.20.9870.0 unbekannt

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        15.04.2010        1,33MB        4.20.9876.0 unbekannt

MSXML 4.0 SP3 Parser        Microsoft Corporation        08.04.2011        1,47MB        4.30.2100.0 unbekannt

MSXML 4.0 SP3 Parser (KB2721691)        Microsoft Corporation        12.07.2012        1,53MB        4.30.2114.0 unbekannt

MSXML 4.0 SP3 Parser (KB2758694)        Microsoft Corporation        12.01.2013        1,54MB        4.30.2117.0 unbekannt

MSXML 4.0 SP3 Parser (KB973685)        Microsoft Corporation        10.04.2011        1,53MB        4.30.2107.0

Native Instruments B4 II                05.07.2012 notwendig                

Nero 11        Nero AG        08.04.2012        1,71GB        11.0.10700 notwendig

Nero Backup Drivers        Nero AG        05.03.2012        94,0KB        1.0.11100.8.0 notwendig

Nuance OmniPage 18        Nuance Communications, Inc.        11.05.2012        494MB        18.0.0000 notwendig

Nuance PDF Create 7        Nuance Communications, Inc        11.05.2012        185MB        7.10.2264 notwendig

NVIDIA PhysX        NVIDIA Corporation        23.02.2012        78,9MB        9.10.0513 notwendig

OpenAL                19.04.2012 unbekannt                

QuickTime        Apple Inc.        13.07.2011        73,6MB        7.69.80.9 notwendig

Realtek 8136 8168 8169 Ethernet Driver        Realtek        24.11.2009                1.00.0007 unbekannt

reFX Nexus 1.0.9                12.08.2010 notwendig                 

reFX Nexus VSTi RTAS v2.2.0                04.07.2012 notwendig                

reFX Vanguard VSTi v1.6.1                05.07.2012 notwendig                

ReNamer        [den4b] Denis Kozlov        14.04.2010                5.50 notwendig

Rhino 2.04        Big Tick        05.07.2012                2.04 notwendig

Rob Papen Predator V1.1.1        RPCX        05.07.2012 notwendig                

Roger Nichols Digital DETAILER VST RTAS v1.2        Team AiR 2007        05.07.2012 notwendig                

Rosetta Stone Version 3        Rosetta Stone Ltd.        25.02.2012        120MB        3.4.5.0 notwendig

Security Task Manager 1.8d        Neuber Software        17.02.2013                1.8d unnötig

Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)        Microsoft        20.11.2012        288KB        1.0.0 unbekannt

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)        Microsoft        20.11.2012        57,0KB        1.0.0 unbekannt

Shop for HP Supplies        HP        13.02.2013                14.0 unbekannt

Sony Sound Forge 8.0b        Sony        05.07.2012        69,5MB        8.0.110 notwendig

Sophos Anti-Rootkit 1.5.20        Sophos Plc        19.04.2012                1.5.20 unbekannt

SoulSeek 157 NS 13e                19.04.2012 notwendig                 

Steinberg Cubase 5        Steinberg Media Technologies GmbH        26.01.2011        282MB        5.1.0 notwendig

Steinberg Drum Loop Expansion 01        Steinberg Media Technologies GmbH        26.01.2011        424MB        1.0.0.1 notwendig

Steinberg Groove Agent ONE Content        Steinberg Media Technologies GmbH        26.01.2011        142MB        1.0.0.003 notwendig

Steinberg HALionOne        Steinberg Media Technologies GmbH        26.01.2011        363MB        1.1.0.457 notwendig

Steinberg HALionOne Additional Content Set 01        Steinberg Media Technologies GmbH        26.01.2011        940MB        1.0.0.001 notwendig

Steinberg HALionOne Expression Set        Steinberg Media Technologies GmbH        26.01.2011        231MB        1.0.1.0 notwendig

Steinberg HALionOne GM Drum Set        Steinberg Media Technologies GmbH        26.01.2011        23,9MB        1.0.1.457 notwendig

Steinberg HALionOne GM Set        Steinberg Media Technologies GmbH        26.01.2011        63,6MB        1.0.1.457 notwendig

Steinberg HALionOne Pro Set        Steinberg Media Technologies GmbH        26.01.2011        123MB        1.0.1.457 notwendig

Steinberg HALionOne Studio Drum Set        Steinberg Media Technologies GmbH        26.01.2011        48,0MB        1.0.1.457 notwendig

Steinberg HALionOne Studio Set        Steinberg Media Technologies GmbH        26.01.2011        112MB        1.0.1.457 notwendig

Steinberg LoopMash Content        Steinberg Media Technologies GmbH        26.01.2011        612MB        1.0.0.005 notwendig

Steinberg REVerence Content 01        Steinberg Media Technologies GmbH        26.01.2011        169MB        1.0.0.006 notwendig

SUPERAntiSpyware        SUPERAntiSpyware.com        23.03.2012        97,4MB        5.0.1146 notwendig

Synaptics Pointing Device Driver        Synaptics Incorporated        10.09.2012        46,4MB        15.3.29.0 notwendig

VLC media player 1.1.11        VideoLAN        19.04.2012                1.1.11 notwendig

Wave Arts Power Suite        Wave Arts, Inc.        05.07.2012                5.40 notwendig

Windows Mobile-Gerätecenter        Microsoft Corporation        22.08.2011        27,4MB        6.1.6965.0 unbekannt

WinRAR                14.04.2010         notwendig        

WPF Toolkit June 2009 (Version 3.5.40619.1)        Microsoft Corporation        16.05.2010        2,47MB        3.5.40619.1 unbekannt

Xilisoft Video Converter Ultimate 6        Xilisoft        19.04.2012                6.8.0.1101 notwendig

Xvid 1.1.3 final uninstall        Xvid team (Koepi)        19.04.2012                1.1 unbekannt

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
AviSynth
calibre
LG
Microsoft Silverlight
Security Task
Sophos
SUPERAntiSpyware : findet meist eh nur kookies, daher unnötig
VLC
VideoLAN - Official page for VLC media player, the Open Source video framework!
neueste laden

Öffne CCleaner, analysieren, starten PC neustarten.
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Hier die Logdatei von adwcleaner:

Code:

# AdwCleaner v2.112 - Datei am 18/02/2013 um 22:19:11 erstellt

# Aktualisiert am 10/02/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : *** - ***-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner0.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\71bm362o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\71bm362o.default\extensions\adapter@babylontc.com.xpi

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\71bm362o.default\extensions\ocr@babylon.com.xpi

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\71bm362o.default\searchplugins\SweetIm.xml

Ordner Gelöscht : C:\Program Files (x86)\Babylon

Ordner Gelöscht : C:\Program Files (x86)\Conduit

Ordner Gelöscht : C:\Program Files\Babylon

Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess

Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\***\AppData\LocalLow\PriceGong

Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\71bm362o.default\SweetPacksToolbarData

Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar

Schlüssel Gelöscht : HKCU\Software\Delta

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\ca9addd1c5703b67

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS

Schlüssel Gelöscht : HKLM\Software\PrimoPDF\OpenCandy

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16464
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v18.0.2 (en-US)
 

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\71bm362o.default\prefs.js
 

Gelöscht : user_pref("extensions.enabledAddons", "adapter%40babylontc.com:1.0.0.1,ocr%40babylon.com:1.1,%7Bb9db[...]

Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");

Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");

Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1361144643677");

Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");

Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");

Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010006.10031");

Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");

Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");

Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");

Gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");

Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");

Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]

Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");

Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");

Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]

Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");

Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");

Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]

Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");

Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");

Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]

Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");

Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");

Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]

Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");

Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");

Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");

Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");

Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]

Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");

Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");

Gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");

Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");

Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]

Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");

Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");

Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");

Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");

Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");

Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");

Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");

Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");

Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");

Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");

Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");

Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");

Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");

Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");

Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");

Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]

Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");

Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");

Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");

Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]

Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]

Gelöscht : user_pref("sweetim.toolbar.search.history", "sky%20zapping");

Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");

Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");

Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");

Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{CECD878A-49D0-11E2-BD91-00269E9F2F6A}");

Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");
 

*************************
 

AdwCleaner[S2].txt - [11022 octets] - [18/02/2013 22:19:11]
 

########## EOF - C:\AdwCleaner[S2].txt - [11083 octets] ##########

Hi,
HitmanPro - Download - Filepony
Lade bitte Hitmanpro.
Doppelklick, Lizenz, Testlizenz.
Dann auf Scan.
Nichts löschen.
Auf weiter, Log als XML exportieren und posten, bzw packen und anhängen.

HitmanPro:

[CODE]
<?xml version="1.0"?>
-<Log filesProcessed="152660" timeSpentInSecs="1403" date="2013-02-19T00:29:38" version="3.7.2.188" scan="Normal" windows="6.1.1.7601.X64/2" computer="***-PC">-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2HXS0L0O.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\4DS0IIBY.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\607LRNCW.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\66MA8JY3.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\8ULIU99T.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DFD2U7LL.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\KD3K8Y9E.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\KQCWHMTJ.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NXFHL385.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\QL8NSXTL.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\U0PST1HE.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\UIL06YGE.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WFEZTQ0G.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\YA1QXV84.txt"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\YC4HJD74.txt"/></Item>-<Item status="None" score="103.0" type="Malware" malwareName="Trojan">-<Scanners><Scanner name="Trojan.Generic.6325903 (Engine A)" id="G Data"/><Scanner name="possible-Threat.Tool.Keygen!IK" id="Ikarus"/></Scanners><File path="C:\Windows\AutoKMS\AutoKMS.exe" hash="3A0C739410004A77338A64823BFE59F8F9CDD83DB80A0243336EDCB569A1AEF7"/>-<Startup><File path="C:\Windows\Tasks\AutoKMS.job"/></Startup></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}\"/></Item></Log>[CODE]

Hi, lösche alle Kookies und mit PUP (potentially unwanted) gekennzeichneten mit Hitmanpro.
Starte neu, poste ein neues OTL log

OTL Log nach Löschung mit Hitmanpro:

Code:

OTL logfile created on: 19.02.2013 15:22:13 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,22% Memory free

9,99 Gb Paging File | 8,92 Gb Available in Paging File | 89,35% Paging File free

Paging file location(s): c:\pagefile.sys 6138 6138 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284,56 Gb Total Space | 6,16 Gb Free Space | 2,16% Space Free | Partition Type: NTFS

Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS

Drive G: | 931,51 Gb Total Space | 7,23 Gb Free Space | 0,78% Space Free | Partition Type: NTFS

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.02.17 06:11:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

PRC - [2012.12.23 23:59:40 | 001,924,096 | ---- | M] () -- C:\Windows\AutoKMS\AutoKMS.exe

PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2009.07.24 18:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

PRC - [2009.07.23 11:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NlsSrv32.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2009.07.23 11:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011.05.13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2010.03.23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.03.02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)

SRV - [2013.02.18 21:52:19 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.02.16 12:01:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)

SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2012.02.23 19:52:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.09.23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010.03.23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NlsSrv32.exe -- (nlsX86cc)

SRV - [2009.03.02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)

SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Start_Pending] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012.08.03 20:38:55 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2012.08.03 20:38:05 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)

DRV:64bit: - [2012.06.28 21:37:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012.06.20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)

DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)

DRV:64bit: - [2011.10.14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011.05.26 20:49:28 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)

DRV:64bit: - [2011.05.13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011.05.13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010.03.23 13:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2010.02.25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)

DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)

DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009.03.09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)

DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)

DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)

DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)

DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)

DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2003.04.18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKLM\..\SearchScopes,DefaultScope = 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/

IE - HKCU\..\SearchScopes,DefaultScope = {04C168DE-3056-4DD3-A997-227ADB753E50}

IE - HKCU\..\SearchScopes\{04C168DE-3056-4DD3-A997-227ADB753E50}: "URL" = hxxp://www.google.de/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.faz.net"

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1

FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - prefs.js..keyword.URL: "hxxp://www.ergative.com/search.php?q="

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 21:36:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.19 12:26:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.10 22:45:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.16 12:01:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.16 12:01:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 21:36:01 | 000,000,000 | ---D | M]

 

[2012.09.04 10:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2013.02.18 22:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\71bm362o.default\extensions

[2013.01.20 18:18:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\71bm362o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2013.01.16 22:08:03 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

[2013.01.29 16:28:54 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2012.09.04 10:48:38 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi

[2013.02.16 12:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013.02.16 12:01:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2009.11.06 17:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2009.11.06 17:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2013.02.10 13:44:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.09.11 13:23:14 | 000,005,137 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml

[2013.02.10 13:44:35 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

 

O1 HOSTS File: ([2013.02.16 22:17:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Vertrauenswürdige Sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Vertrauenswürdige Sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Vertrauenswürdige Sites)

O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Vertrauenswürdige Sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)

O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab (Emsisoft Web Malware Scan)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.13.2)

O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1003CBEC-F7D5-466D-B0DF-23B5A3219CAA}: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B7970C-4514-485A-9B59-A6C32002E811}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA92405A-2AA9-4546-964D-8016BF7078D0}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD92F0B3-F6AE-42E5-A2EB-250EB86FA7E6}: DhcpNameServer = 192.168.42.129

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.19 14:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2013.02.19 00:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013.02.19 00:15:41 | 009,754,024 | ---- | C] (SurfRight B.V.) -- C:\Users\***\Desktop\HitmanPro_x64.exe

[2013.02.18 22:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2013.02.18 21:52:19 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.02.18 21:52:18 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.02.17 10:55:58 | 000,000,000 | ---D | C] -- C:\_OTL

[2013.02.17 10:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan

[2013.02.17 10:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager

[2013.02.17 06:16:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013.02.17 06:11:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2013.02.16 22:18:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013.02.16 22:00:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.02.16 22:00:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.02.16 22:00:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.02.16 21:40:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.02.16 20:58:13 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Windows\SysNative\remover.exe

[2013.02.16 20:45:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs

[2013.02.16 20:15:02 | 000,024,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\atapi_copy.sys

[2013.02.16 20:03:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Auslogics

[2013.02.16 12:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.02.14 20:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6

[2013.02.14 20:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike 1.6

[2013.02.13 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Scans

[2013.02.13 12:27:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013.02.13 12:27:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013.02.13 12:27:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.02.13 12:27:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.02.13 12:27:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013.02.13 12:27:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013.02.13 12:27:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013.02.13 12:27:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013.02.13 12:27:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013.02.13 12:27:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.02.13 12:27:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013.02.13 12:27:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.02.13 12:27:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.02.13 12:27:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.02.13 12:27:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013.02.13 11:57:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013.02.13 11:57:10 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013.02.13 11:57:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013.02.13 11:56:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013.02.13 11:56:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013.02.13 11:56:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013.02.13 11:56:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013.02.13 11:56:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013.02.13 11:56:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013.02.13 11:56:47 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2013.02.12 23:24:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kirsten Meyer

[2013.02.12 21:38:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kristina Simona Montagova

[2013.02.12 21:24:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Erfolgreich recherchieren

[2013.02.10 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings

[2013.02.10 22:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2013.02.10 22:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

[2013.02.10 22:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared

[2013.02.06 12:54:54 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013.02.06 12:54:36 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013.02.06 12:54:36 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013.02.06 12:54:36 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013.01.27 02:14:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wie wir leben wollen

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.19 15:26:25 | 000,026,192 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.02.19 15:26:25 | 000,026,192 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.02.19 15:22:22 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job

[2013.02.19 15:20:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.02.19 15:18:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.02.19 15:18:37 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.19 15:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.02.19 14:58:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.02.19 01:01:10 | 001,668,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.02.19 01:01:10 | 000,717,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.02.19 01:01:10 | 000,669,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.02.19 01:01:10 | 000,157,550 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.02.19 01:01:10 | 000,128,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.02.19 00:34:47 | 000,090,774 | ---- | M] () -- C:\Users\***\Desktop\Dr._Dre_Still_Remake_-_CodgerBeatz.flp

[2013.02.19 00:29:03 | 009,754,024 | ---- | M] (SurfRight B.V.) -- C:\Users\***\Desktop\HitmanPro_x64.exe

[2013.02.18 22:40:38 | 000,479,149 | ---- | M] () -- C:\Users\***\Desktop\PAROLE_2.flp

[2013.02.18 22:11:10 | 000,587,671 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner0.exe

[2013.02.18 21:52:19 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.02.18 21:52:18 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.02.18 14:40:06 | 000,076,271 | ---- | M] () -- C:\Users\***\Desktop\PAROLE.flp

[2013.02.17 06:11:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2013.02.16 22:17:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013.02.16 21:24:12 | 000,007,602 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg

[2013.02.16 20:53:20 | 000,024,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\atapi_copy.sys

[2013.02.16 16:09:02 | 000,010,639 | ---- | M] () -- C:\Users\***\Desktop\xaraju_elster_2048.pfx

[2013.02.15 18:03:08 | 034,397,496 | ---- | M] () -- C:\Users\***\Desktop\adastra neu.wav

[2013.02.13 13:02:18 | 000,196,915 | ---- | M] () -- C:\Windows\hpoins39.dat

[2013.02.13 12:47:58 | 004,992,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.02.13 01:14:32 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz

[2013.02.13 01:08:44 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz

[2013.02.13 00:01:17 | 000,292,255 | ---- | M] () -- C:\Users\***\Desktop\Ingrid Ferran - Über den Neid. Eine phänomenologische Untersuchung.pdf

[2013.02.12 18:53:36 | 001,855,352 | ---- | M] () -- C:\Users\***\Desktop\Über das Symbol des Todes in Thomas Bernhards Lyrik.pdf

[2013.02.12 14:58:43 | 000,000,278 | ---- | M] () -- C:\Users\***\Desktop\oldenbourg-link - Journal - Table of Contents.url

[2013.02.06 12:54:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013.02.06 12:54:20 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013.02.06 12:54:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013.02.06 12:54:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2013.02.06 12:54:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013.02.06 12:54:18 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013.02.03 20:36:47 | 000,251,185 | ---- | M] () -- C:\Users\***\Desktop\Ulrich Seidl - Ein Blick in die Hölle.pdf

[2013.01.27 02:59:05 | 000,000,014 | ---- | M] () -- C:\Windows\SysWow64\tmpPrst.tgz

[2013.01.24 01:13:34 | 000,420,065 | ---- | M] () -- C:\Users\***\Desktop\Poststrukturalismus - Systemtheorie.pdf

[2013.01.22 18:20:06 | 000,141,733 | ---- | M] () -- C:\Users\***\Desktop\Marshall McLuhan - Das Medium ist die Botschaft.pdf

 
 ========== Files Created - No Company Name ==========

 

[2013.02.19 00:34:47 | 000,090,774 | ---- | C] () -- C:\Users\***\Desktop\Dr._Dre_Still_Remake_-_CodgerBeatz.flp

[2013.02.18 22:11:10 | 000,587,671 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner0.exe

[2013.02.18 21:52:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.02.18 16:42:50 | 000,010,639 | ---- | C] () -- C:\Users\***\Desktop\xaraju_elster_2048.pfx

[2013.02.18 14:40:09 | 000,479,149 | ---- | C] () -- C:\Users\***\Desktop\PAROLE_2.flp

[2013.02.18 14:22:15 | 000,076,271 | ---- | C] () -- C:\Users\***\Desktop\PAROLE.flp

[2013.02.16 22:00:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.02.16 22:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.02.16 22:00:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.02.16 22:00:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.02.16 22:00:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.02.15 19:31:31 | 034,397,496 | ---- | C] () -- C:\Users\***\Desktop\adastra neu.wav

[2013.02.13 00:01:17 | 000,292,255 | ---- | C] () -- C:\Users\***\Desktop\Ingrid Ferran - Über den Neid. Eine phänomenologische Untersuchung.pdf

[2013.02.12 18:59:59 | 357,307,383 | ---- | C] () -- C:\Users\***\Desktop\Wörterbuch der Kollokationen.pdf

[2013.02.12 18:53:36 | 001,855,352 | ---- | C] () -- C:\Users\***\Desktop\Über das Symbol des Todes in Thomas Bernhards Lyrik.pdf

[2013.02.12 14:58:56 | 000,000,278 | ---- | C] () -- C:\Users\***\Desktop\oldenbourg-link - Journal - Table of Contents.url

[2013.02.03 20:36:45 | 000,251,185 | ---- | C] () -- C:\Users\***\Desktop\Ulrich Seidl - Ein Blick in die Hölle.pdf

[2013.01.27 02:59:05 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\tmpPrst.tgz

[2013.01.24 01:13:34 | 000,420,065 | ---- | C] () -- C:\Users\***\Desktop\Poststrukturalismus - Systemtheorie.pdf

[2013.01.22 18:20:06 | 000,141,733 | ---- | C] () -- C:\Users\***\Desktop\Marshall McLuhan - Das Medium ist die Botschaft.pdf

[2012.07.05 02:54:49 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdce.ini

[2012.07.05 02:53:07 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdih.ini

[2012.07.05 02:53:02 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdko.ini

[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdpe.ini

[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdmk.ini

[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdhj.ini

[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdfg.ini

[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdai.ini

[2012.07.05 02:16:25 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll

[2012.07.05 02:16:25 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll

[2012.07.05 02:16:25 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll

[2012.07.05 01:32:01 | 000,000,099 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat

[2012.05.30 11:20:34 | 000,001,083 | ---- | C] () -- C:\Windows\lightworks.ini

[2012.05.28 20:33:58 | 000,000,205 | ---- | C] () -- C:\Users\***\.swfinfo

[2012.05.10 23:11:57 | 000,000,403 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2012.04.12 22:04:56 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db

[2012.03.20 16:20:06 | 000,000,208 | ---- | C] () -- C:\Users\***\defogger_reenable

[2012.03.05 18:30:55 | 000,000,034 | ---- | C] () -- C:\Windows\DTLite.INI

[2012.02.23 21:23:35 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll

[2012.02.16 00:35:20 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012.02.16 00:35:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012.01.17 09:17:32 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{B9A2CC7C-E572-4C7E-9A7C-573B0FF0BEFE}

[2012.01.12 23:16:57 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2011.12.04 13:14:00 | 000,038,432 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR

[2011.12.04 13:13:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.12.04 13:12:50 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR

[2011.09.28 22:18:53 | 000,000,055 | ---- | C] () -- C:\Users\***\AppData\Roaming\Win-HaBu.ini

[2011.08.04 01:00:59 | 000,209,177 | ---- | C] () -- C:\Windows\hpoins39.dat.temp

[2011.08.04 01:00:59 | 000,000,629 | ---- | C] () -- C:\Windows\hpomdl39.dat.temp

[2011.08.03 15:25:33 | 000,000,298 | ---- | C] () -- C:\Windows\Clony2.ini

[2011.07.15 16:24:52 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys

[2011.07.15 16:24:52 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys

[2011.05.26 20:35:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll

[2011.03.23 02:27:53 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini

[2011.02.19 12:19:00 | 000,007,602 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg

[2010.05.17 15:23:34 | 000,012,288 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.04.15 15:35:48 | 003,198,860 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.JPG

[2010.04.15 15:35:46 | 003,088,891 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.0

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A303874F
 

< End of report >

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:OTL

[2012.09.11 13:23:14 | 000,005,137 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml

O8:64bit: - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

:files

:Commands

[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

neustarten bitte, testen wie der PC läuft, auch alle browser, ob es umleitungen, bzw ungewollte Toolbars gibt, + sonstige Programme

Hier die Logfile:

Code:

All processes killed

========== OTL ==========

C:\Program Files (x86)\Mozilla Firefox\searchplugins\ergative.xml moved successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Exel exportieren\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Exel exportieren\ not found.

========== FILES ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: xxx

->Temp folder emptied: 0 bytes

 

User: xxx

->Temp folder emptied: 115157 bytes

->Temporary Internet Files folder emptied: 29921139 bytes

->Java cache emptied: 1417225 bytes

->FireFox cache emptied: 49884740 bytes

->Flash cache emptied: 729 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 57335 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 15132 bytes

 

Total Files Cleaned = 78,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 02192013_165659
 

Files\Folders moved on Reboot...

C:\Users\xxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Habe ich vielleicht beim Fixen was Vergessen? Ich habe den Text unverändert übernommen? Hätte ich den Benutzernamen einsetzen müssen? Die iexplore Prozesse öffnen sich weiterhin..

passt alles
lade:
http://ad13.geekstogo.com/MBRCheck.exe
doppelklicken, wenn fertig, liegt eine mbrcheck.txt auf dem destop, inhalt posten bitte

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows 7 Home Premium Edition

Windows Information:                Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer:        Hewlett-Packard

BIOS Manufacturer:                Hewlett-Packard

System Manufacturer:                Hewlett-Packard

System Product Name:                HP Pavilion dv6 Notebook PC

Logical Drives Mask:                0x0000005c
 

Kernel Drivers (total 245):

  0x03E1A000 \SystemRoot\system32\ntoskrnl.exe

  0x04401000 \SystemRoot\system32\hal.dll

  0x00B9B000 \SystemRoot\system32\kdcom.dll

  0x00C27000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll

  0x00C34000 \SystemRoot\system32\PSHED.dll

  0x00C48000 \SystemRoot\system32\CLFS.SYS

  0x00CA6000 \SystemRoot\system32\CI.dll

  0x00E12000 \SystemRoot\system32\drivers\Wdf01000.sys

  0x00ED4000 \SystemRoot\system32\drivers\WDFLDR.SYS

  0x00EE4000 \SystemRoot\system32\drivers\vdrvroot.sys

  0x00EF1000 \SystemRoot\system32\drivers\ACPI.sys

  0x00F48000 \SystemRoot\system32\drivers\WMILIB.SYS

  0x00F51000 \SystemRoot\system32\drivers\pci.sys

  0x00F84000 \SystemRoot\system32\drivers\msisadrv.sys

  0x00F8E000 \SystemRoot\system32\drivers\isapnp.sys

  0x00F97000 \SystemRoot\system32\drivers\mpio.sys

  0x00FC1000 \SystemRoot\System32\drivers\partmgr.sys

  0x00FD6000 \SystemRoot\system32\DRIVERS\compbatt.sys

  0x00FDF000 \SystemRoot\system32\DRIVERS\BATTC.SYS

  0x00FEB000 \SystemRoot\system32\drivers\volmgr.sys

  0x00D66000 \SystemRoot\System32\drivers\volmgrx.sys

  0x00E00000 \SystemRoot\system32\drivers\intelide.sys

  0x00DC2000 \SystemRoot\system32\drivers\PCIIDEX.SYS

  0x00E08000 \SystemRoot\system32\drivers\pciide.sys

  0x00DD2000 \SystemRoot\system32\drivers\aliide.sys

  0x00DD9000 \SystemRoot\system32\drivers\amdide.sys

  0x00DE0000 \SystemRoot\system32\drivers\cmdide.sys

  0x00C00000 \SystemRoot\System32\drivers\mountmgr.sys

  0x010A9000 \SystemRoot\system32\drivers\msdsm.sys

  0x010CF000 \SystemRoot\system32\drivers\nvraid.sys

  0x010F7000 \SystemRoot\system32\drivers\CLASSPNP.SYS

  0x01127000 \SystemRoot\system32\drivers\viaide.sys

  0x01276000 \SystemRoot\system32\drivers\iaStorV.sys

  0x01394000 \SystemRoot\system32\drivers\atapi.sys

  0x0139D000 \SystemRoot\system32\drivers\ataport.SYS

  0x013C7000 \SystemRoot\system32\DRIVERS\lsi_sas.sys

  0x01200000 \SystemRoot\system32\DRIVERS\storport.sys

  0x01263000 \SystemRoot\system32\drivers\msahci.sys

  0x013E4000 \SystemRoot\system32\drivers\HpSAMD.sys

  0x0112F000 \SystemRoot\system32\DRIVERS\adp94xx.sys

  0x011AA000 \SystemRoot\system32\DRIVERS\adpahci.sys

  0x01000000 \SystemRoot\system32\DRIVERS\adpu320.sys

  0x0102F000 \SystemRoot\system32\drivers\amdsata.sys

  0x0104D000 \SystemRoot\system32\DRIVERS\amdsbs.sys

  0x01094000 \SystemRoot\system32\drivers\amdxata.sys

  0x014F5000 \SystemRoot\system32\DRIVERS\arc.sys

  0x0150E000 \SystemRoot\system32\DRIVERS\arcsas.sys

  0x01529000 \SystemRoot\system32\DRIVERS\elxstor.sys

  0x015B0000 \SystemRoot\system32\DRIVERS\iirsp.sys

  0x015C1000 \SystemRoot\system32\DRIVERS\lsi_fc.sys

  0x015E0000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys

  0x01400000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys

  0x0141F000 \SystemRoot\system32\DRIVERS\megasas.sys

  0x0142B000 \SystemRoot\system32\DRIVERS\MegaSR.sys

  0x014CF000 \SystemRoot\system32\DRIVERS\nfrd960.sys

  0x01679000 \SystemRoot\system32\drivers\nvstor.sys

  0x01826000 \SystemRoot\system32\DRIVERS\ql2300.sys

  0x016A4000 \SystemRoot\system32\DRIVERS\ql40xx.sys

  0x019CA000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys

  0x019D8000 \SystemRoot\system32\DRIVERS\sisraid4.sys

  0x019F0000 \SystemRoot\system32\DRIVERS\stexstor.sys

  0x01703000 \SystemRoot\system32\DRIVERS\vsmraid.sys

  0x0172D000 \SystemRoot\system32\drivers\fltmgr.sys

  0x01800000 \SystemRoot\system32\drivers\fileinfo.sys

  0x01A39000 \SystemRoot\System32\Drivers\Ntfs.sys

  0x01779000 \SystemRoot\System32\Drivers\msrpc.sys

  0x01BDC000 \SystemRoot\System32\Drivers\ksecdd.sys

  0x01600000 \SystemRoot\System32\Drivers\cng.sys

  0x01A00000 \SystemRoot\System32\drivers\pcw.sys

  0x01A11000 \SystemRoot\System32\Drivers\Fs_Rec.sys

  0x01C84000 \SystemRoot\system32\drivers\ndis.sys

  0x01D76000 \SystemRoot\system32\drivers\NETIO.SYS

  0x01DD6000 \SystemRoot\System32\Drivers\ksecpkg.sys

  0x01E00000 \SystemRoot\System32\drivers\tcpip.sys

  0x01C00000 \SystemRoot\System32\drivers\fwpkclnt.sys

  0x01C49000 \SystemRoot\system32\DRIVERS\wd.sys

  0x020F5000 \SystemRoot\system32\drivers\volsnap.sys

  0x02141000 \SystemRoot\System32\Drivers\spldr.sys

  0x02149000 \SystemRoot\system32\drivers\sbp2port.sys

  0x02166000 \SystemRoot\System32\drivers\rdyboost.sys

  0x021A0000 \SystemRoot\system32\DRIVERS\NBVol.sys

  0x021B6000 \SystemRoot\system32\DRIVERS\NBVolUp.sys

  0x021BF000 \SystemRoot\System32\Drivers\mup.sys

  0x021D1000 \SystemRoot\System32\drivers\hwpolicy.sys

  0x021DA000 \SystemRoot\system32\DRIVERS\hpdskflt.sys

  0x02000000 \SystemRoot\System32\DRIVERS\fvevol.sys

  0x0203A000 \SystemRoot\system32\DRIVERS\disk.sys

  0x02050000 \SystemRoot\system32\DRIVERS\AtiPcie.sys

  0x02090000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0x0347B000 \SystemRoot\System32\Drivers\aswSnx.SYS

  0x0356F000 \SystemRoot\System32\Drivers\Null.SYS

  0x03578000 \SystemRoot\System32\Drivers\Beep.SYS

  0x0357F000 \SystemRoot\System32\drivers\vga.sys

  0x0358D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

  0x035B2000 \SystemRoot\System32\drivers\watchdog.sys

  0x035C2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0x035CB000 \SystemRoot\system32\drivers\rdpencdd.sys

  0x035D4000 \SystemRoot\system32\drivers\rdprefmp.sys

  0x035DD000 \SystemRoot\System32\Drivers\Msfs.SYS

  0x035E8000 \SystemRoot\System32\Drivers\Npfs.SYS

  0x03400000 \SystemRoot\system32\DRIVERS\tdx.sys

  0x03422000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0x0342F000 \SystemRoot\System32\Drivers\aswTdi.SYS

  0x04262000 \SystemRoot\system32\drivers\afd.sys

  0x042EB000 \SystemRoot\System32\Drivers\aswrdr2.sys

  0x042FB000 \SystemRoot\System32\DRIVERS\netbt.sys

  0x04340000 \SystemRoot\system32\drivers\ws2ifsl.sys

  0x0434B000 \SystemRoot\system32\DRIVERS\wfplwf.sys

  0x04354000 \SystemRoot\system32\DRIVERS\pacer.sys

  0x0437A000 \SystemRoot\system32\DRIVERS\vwififlt.sys

  0x04390000 \SystemRoot\system32\DRIVERS\netbios.sys

  0x043BC000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0x043D7000 \SystemRoot\system32\drivers\termdd.sys

  0x04200000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0x04251000 \SystemRoot\system32\drivers\nsiproxy.sys

  0x0439F000 \SystemRoot\system32\drivers\mssmbios.sys

  0x043AA000 \SystemRoot\System32\drivers\discache.sys

  0x03441000 \SystemRoot\System32\Drivers\dfsc.sys

  0x043EB000 \SystemRoot\system32\DRIVERS\blbdrive.sys

  0x0449A000 \SystemRoot\System32\Drivers\aswSP.SYS

  0x044FB000 \SystemRoot\system32\DRIVERS\tunnel.sys

  0x04521000 \SystemRoot\system32\DRIVERS\amdppm.sys

  0x04618000 \SystemRoot\system32\DRIVERS\atikmdag.sys

  0x04C2F000 \SystemRoot\System32\Drivers\fastfat.SYS

  0x04C65000 \SystemRoot\System32\drivers\dxgkrnl.sys

  0x04D59000 \SystemRoot\System32\drivers\dxgmms1.sys

  0x04D9F000 \SystemRoot\system32\drivers\HDAudBus.sys

  0x05021000 \SystemRoot\system32\DRIVERS\athrx.sys

  0x053CC000 \SystemRoot\system32\DRIVERS\vwifibus.sys

  0x04DC3000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

  0x053D9000 \SystemRoot\system32\DRIVERS\usbohci.sys

  0x04536000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0x053E4000 \SystemRoot\system32\DRIVERS\usbfilter.sys

  0x053F1000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0x05000000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0x0458C000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0x05011000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys

  0x04600000 \SystemRoot\system32\drivers\kbdclass.sys

  0x04400000 \SystemRoot\system32\DRIVERS\SynTP.sys

  0x04467000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0x04476000 \SystemRoot\system32\DRIVERS\enecir.sys

  0x053F3000 \SystemRoot\system32\DRIVERS\CmBatt.sys

  0x0460F000 \SystemRoot\system32\drivers\wmiacpi.sys

  0x045AA000 \SystemRoot\system32\DRIVERS\Accelerometer.sys

  0x045B7000 \SystemRoot\system32\drivers\CompositeBus.sys

  0x045C7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

  0x020BA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0x045DD000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0x01C51000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0x0345F000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0x017D7000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0x021E4000 \SystemRoot\system32\DRIVERS\rassstp.sys

  0x053F8000 \SystemRoot\system32\drivers\swenum.sys

  0x054FB000 \SystemRoot\system32\drivers\ks.sys

  0x0553E000 \SystemRoot\system32\DRIVERS\circlass.sys

  0x05550000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

  0x05599000 \SystemRoot\system32\DRIVERS\umbus.sys

  0x05400000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0x0545A000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0x0546F000 \SystemRoot\system32\drivers\AtiHdmi.sys

  0x0548F000 \SystemRoot\system32\drivers\portcls.sys

  0x054CC000 \SystemRoot\system32\drivers\drmk.sys

  0x054EE000 \SystemRoot\system32\drivers\ksthunk.sys

  0x08C03000 \SystemRoot\system32\DRIVERS\stwrt64.sys

  0x08C82000 \SystemRoot\system32\DRIVERS\hidir.sys

  0x08C93000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0x08CAC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0x08CB5000 \SystemRoot\system32\drivers\kbdhid.sys

  0x08CC3000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0x08CD0000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0x08CDE000 \SystemRoot\system32\DRIVERS\usbccgp.sys

  0x08CFB000 \SystemRoot\System32\Drivers\usbvideo.sys

  0x08D29000 \SystemRoot\System32\Drivers\crashdmp.sys

  0x08D37000 \SystemRoot\System32\Drivers\dump_dumpata.sys

  0x08D43000 \SystemRoot\System32\Drivers\dump_msahci.sys

  0x08D4E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

  0x08D61000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

  0x000B0000 \SystemRoot\System32\win32k.sys

  0x08D7C000 \SystemRoot\System32\drivers\Dxapi.sys

  0x08D88000 \SystemRoot\system32\DRIVERS\monitor.sys

  0x005D0000 \SystemRoot\System32\TSDDD.dll

  0x00670000 \SystemRoot\System32\cdd.dll

  0x008E0000 \SystemRoot\System32\ATMFD.DLL

  0x08D96000 \SystemRoot\system32\drivers\luafv.sys

  0x08DB9000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

  0x08DDB000 \??\C:\Windows\system32\drivers\mbam.sys

  0x08DE5000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

  0x055AB000 \SystemRoot\system32\DRIVERS\lltdio.sys

  0x030FE000 \SystemRoot\system32\DRIVERS\nwifi.sys

  0x03151000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0x03164000 \SystemRoot\system32\DRIVERS\rspndr.sys

  0x03000000 \SystemRoot\system32\drivers\HTTP.sys

  0x030C9000 \SystemRoot\system32\DRIVERS\bowser.sys

  0x0317C000 \SystemRoot\System32\drivers\mpsdrv.sys

  0x03194000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0x05CB5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

  0x05D03000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

  0x05D27000 \??\C:\Windows\system32\drivers\acedrv11.sys

  0x05C00000 \SystemRoot\system32\drivers\peauth.sys

  0x05CA6000 \SystemRoot\System32\Drivers\secdrv.SYS

  0x05D81000 \SystemRoot\System32\DRIVERS\srvnet.sys

  0x05DB2000 \SystemRoot\System32\drivers\tcpipreg.sys

  0x0865C000 \SystemRoot\System32\DRIVERS\srv2.sys

  0x086C5000 \SystemRoot\System32\DRIVERS\srv.sys

  0x087CE000 \SystemRoot\system32\DRIVERS\asyncmac.sys

  0x77290000 \Windows\System32\ntdll.dll

  0x48100000 \Windows\System32\smss.exe

  0xFF5B0000 \Windows\System32\apisetschema.dll

  0xFFA10000 \Windows\System32\autochk.exe

  0x77190000 \Windows\System32\user32.dll

  0xFF570000 \Windows\System32\imm32.dll

  0x76F80000 \Windows\System32\iertutil.dll

  0xFF550000 \Windows\System32\imagehlp.dll

  0xFF4D0000 \Windows\System32\shlwapi.dll

  0x76E20000 \Windows\System32\wininet.dll

  0xFF400000 \Windows\System32\usp10.dll

  0x76D00000 \Windows\System32\kernel32.dll

  0x76BB0000 \Windows\System32\urlmon.dll

  0xFF360000 \Windows\System32\msvcrt.dll

  0xFF350000 \Windows\System32\lpk.dll

  0xFF300000 \Windows\System32\ws2_32.dll

  0xFF280000 \Windows\System32\difxapi.dll

  0xFF270000 \Windows\System32\nsi.dll

  0xFF160000 \Windows\System32\msctf.dll

  0xFEF50000 \Windows\System32\ole32.dll

  0xFEE70000 \Windows\System32\advapi32.dll

  0x77460000 \Windows\System32\psapi.dll

  0xFEE50000 \Windows\System32\sechost.dll

  0xFEC70000 \Windows\System32\setupapi.dll

  0xFEBD0000 \Windows\System32\comdlg32.dll

  0xFDE40000 \Windows\System32\shell32.dll

  0xFDD60000 \Windows\System32\oleaut32.dll

  0x77450000 \Windows\System32\normaliz.dll

  0xFDCF0000 \Windows\System32\gdi32.dll

  0xFDC90000 \Windows\System32\Wldap32.dll

  0xFDBF0000 \Windows\System32\clbcatq.dll

  0xFDAC0000 \Windows\System32\rpcrt4.dll

  0xFDA80000 \Windows\System32\cfgmgr32.dll

  0xFDA60000 \Windows\System32\devobj.dll

  0xFD9C0000 \Windows\System32\comctl32.dll

  0xFD850000 \Windows\System32\crypt32.dll

  0xFD7E0000 \Windows\System32\KernelBase.dll

  0xFD7A0000 \Windows\System32\wintrust.dll

  0xFD790000 \Windows\System32\msasn1.dll

  0x764C0000 \Windows\SysWOW64\normaliz.dll
 

Processes (total 53):

       0 System Idle Process

       4 System

     324 C:\Windows\System32\smss.exe

     448 csrss.exe

     520 csrss.exe

     528 C:\Windows\System32\wininit.exe

     584 C:\Windows\System32\services.exe

     608 C:\Windows\System32\winlogon.exe

     636 C:\Windows\System32\lsass.exe

     644 C:\Windows\System32\lsm.exe

     744 C:\Windows\System32\svchost.exe

     848 C:\Windows\System32\svchost.exe

     920 C:\Windows\System32\atiesrxx.exe

     972 C:\Windows\System32\svchost.exe

    1004 C:\Windows\System32\svchost.exe

     108 C:\Windows\System32\svchost.exe

     928 C:\Windows\System32\svchost.exe

    1052 C:\Windows\System32\svchost.exe

    1156 C:\Windows\System32\atieclxx.exe

    1184 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    1356 C:\Windows\System32\dwm.exe

    1364 C:\Windows\explorer.exe

    1512 C:\Windows\System32\spoolsv.exe

    1532 C:\Windows\System32\taskhost.exe

    1612 C:\Windows\System32\svchost.exe

    1772 C:\Windows\SysWOW64\svchost.exe

    1800 C:\Windows\SysWOW64\svchost.exe

    1852 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    1952 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    2004 C:\Windows\System32\svchost.exe

    2032 C:\Windows\SysWOW64\NlsSrv32.exe

    1392 C:\Windows\System32\svchost.exe

    1672 C:\Windows\System32\svchost.exe

    1376 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    2380 C:\Windows\System32\SearchIndexer.exe

    2556 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    2756 C:\Windows\System32\svchost.exe

    2868 C:\Windows\System32\taskeng.exe

    2948 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

    2956 C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

    2992 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    3528 C:\Program Files\Windows Media Player\wmpnetwk.exe

    3684 C:\Windows\System32\svchost.exe

    3740 C:\Program Files\Classic Shell\ClassicStartMenu.exe

    3800 C:\Program Files\IDT\WDM\sttray64.exe

    3844 C:\Program Files\AVAST Software\Avast\AvastUI.exe

    2456 C:\Windows\System32\svchost.exe

     684 C:\Windows\servicing\TrustedInstaller.exe

    3076 C:\Windows\System32\wuauclt.exe

    3656 C:\Windows\System32\audiodg.exe

    3452 C:\Users\***\Desktop\MBRCheck.exe

    1208 C:\Windows\System32\conhost.exe

    5004 C:\Windows\System32\dllhost.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`30a00000  (NTFS)

\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
 

PhysicalDrive0 Model Number: HitachiHTS725032A9A364, Rev: PC3OC70E

PhysicalDrive1 Model Number: SeagateDesktop, Rev: 0130
 

      Size  Device Name          MBR Status

  --------------------------------------------

    298 GB  \\.\PhysicalDrive0   Unknown MBR code

            SHA1: AE939A9637EB017A1FBEBAA32E46003B3B7C68CA

    931 GB  \\.\PhysicalDrive1   MBR Code Faked!

            SHA1: C72EFE106BC48C1561FD9A90AD20A92156D9FBB4
 
 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
 

Done!

hi, mbrcheck noch mal laufen lassen.
drücke dann y (evtl. enter)
dan 1 (evtl. enter)
drücke 0 (evtl. enter)
vergib einen Namen, drücke enter

mbrcheck noch mal laufen lassen
drücke dann y (evtl. enter)
dan 1 (evtl. enter)
drücke 1 (evtl. enter)
vergib einen Namen, drücke enter
lade beide hoch:
Trojaner-Board Upload Channel
Melden, wenn fertig.

Ok, ist hochgeladen..

Hat irgendwas beim Upload nicht geklappt oder habe ich was falsch gemacht??

ich warte noch auf ein ergebniss für die mbrs.
hast du eine windows cd zur hand?

Gut, vielen Dank!
Ja eine windows cd habe ich.

hi,
bitte fixmbr und fixboot ausführen
Tipparchiv - MBR unter Vista oder Windows 7 reparieren - WinTotal.de
schauen ob das Problem noch auftritt

Befehle hab ich ausgeführt.
Problem besteht leider weiter...

hi,
ich bin deine Logs noch mal durchgegangen, ich habe im hitmanpro log einen Keygen übersehen.
http://www.trojaner-board.de/95394-c...-software.html
da kann ich dir leider nur beim neu aufsetzen helfen
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.