Avast finds Win32:Bolzano-W / temp file

13.04.2012, 15:10
Hello,

After a long time I need your help again. Thanks.


Avast reported a detection today.

C:\4ee65ffc3dfa6f47c855cd1542af63\33643A15-6E92-4702-AB54-B0D77D2B58E9mpasdlta.vdm.new.temp [L] Win32:Bolzano-W (0)
File successfully moved to the Virus Chest

Win 7 64-bit system. Yesterday I installed all updates via Secunia PSI. Standard user.


VirusTotal results

Antivirus     Result     Update
AhnLab-V3     -     20120413
AntiVir     -     20120413
Antiy-AVL     -     20120413
Avast     Win32:Gremo     20120413
AVG     -     20120413
BitDefender     -     20120413
ByteHero     -     20120413
CAT-QuickHeal     -     20120413
ClamAV     W32.Perelett.14919     20120413
Commtouch     -     20120413
Comodo     -     20120413
DrWeb     -     20120413
Emsisoft     -     20120413
eSafe     -     20120412
eTrust-Vet     JS/Blacole.BC     20120413
F-Prot     -     20120412
F-Secure     -     20120413
Fortinet     -     20120413
GData     Win32:Bolzano-W     20120413
Ikarus     -     20120413
Jiangmin     -     20120413
K7AntiVirus     -     20120412
Kaspersky     -     20120413
McAfee     -     20120413
McAfee-GW-Edition     -     20120412
Microsoft     -     20120413
NOD32     -     20120413
Norman     -     20120413
nProtect     -     20120413
Panda     -     20120413
PCTools     -     20120413
Rising     -     20120413
Sophos     -     20120413
SUPERAntiSpyware     -     20120402
Symantec     -     20120413
TheHacker     -     20120412
TrendMicro     -     20120413
TrendMicro-HouseCall     -     20120413
VBA32     -     20120413
VIPRE     -     20120413
ViRobot     -     20120413
VirusBuster     -     20120412



Then a full scan with Avast: no virus found.


Malwarebytes Quick Scan log file

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

13.04.2012 14:47:00
mbam-log-2012-04-13 (14-47-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210912
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)


OTL.txt


OTL logfile created on: 13.04.2012 14:53:57 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 63,22% Memory free
7,82 Gb Paging File | 6,40 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256,00 Gb Total Space | 220,40 Gb Free Space | 86,09% Space Free | Partition Type: NTFS
Drive D: | 340,18 Gb Total Space | 335,57 Gb Free Space | 98,65% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.13 14:34:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.24 15:02:30 | 001,294,904 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.10.17 16:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.06.22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.11.10 20:43:58 | 000,906,912 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009.11.10 20:36:22 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009.11.10 20:30:14 | 001,352,480 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012.04.12 10:42:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012.04.12 10:42:24 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012.02.23 12:21:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.23 12:20:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.23 12:20:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.23 12:20:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.23 12:20:53 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.02.21 16:37:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\056e417666352c7a702530d8a2770e30\IAStorCommon.ni.dll
MOD - [2012.01.13 16:33:27 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.11.10 18:39:32 | 001,332,576 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.30 16:56:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.22 12:14:30 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.24 15:02:30 | 001,294,904 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.02.24 15:02:28 | 000,656,440 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.06.22 11:18:40 | 001,191,656 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.04.06 16:50:56 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.10 20:37:02 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.26 00:33:38 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.03.26 00:33:33 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012.03.26 00:33:31 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV:64bit: - [2012.03.26 00:33:28 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 00:17:56 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2012.02.26 00:17:54 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012.01.10 15:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.11.24 00:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.11.22 16:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.22 16:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.09.15 10:15:00 | 000,216,064 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0)
DRV:64bit: - [2011.09.15 10:14:58 | 000,100,352 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub) Renesas Electronics USB 3.0 Hub Driver (Version 3.0)
DRV:64bit: - [2011.09.13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.03.18 02:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.18 02:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.13 10:58:42 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2011.03.13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 11:01:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.03.07 11:01:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007.05.11 19:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV - [2012.03.22 12:14:28 | 000,163,480 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79E9E601-992D-46B5-BAE5-30C72ECAB790}
IE:64bit: - HKLM\..\SearchScopes\{79E9E601-992D-46B5-BAE5-30C72ECAB790}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {79E9E601-992D-46B5-BAE5-30C72ECAB790}
IE - HKLM\..\SearchScopes\{79E9E601-992D-46B5-BAE5-30C72ECAB790}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://syb.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF E2 43 5F F7 D1 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.11 20:11:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4CE61E6-7C3F-47E9-A69F-9359700546CB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP



[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.04.13 14:44:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.04.13 14:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.13 14:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.13 14:44:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.13 14:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.08 22:38:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Britannica 12.0
[2012.04.08 22:30:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2012.04.08 22:29:01 | 000,000,000 | -H-D | C] -- C:\Users\Admin\InstallAnywhere
[2012.04.02 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.04.02 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Opera
[2012.04.02 16:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.03.30 17:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.03.28 18:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012.03.28 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012.03.28 17:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2012.03.28 17:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
[2012.03.26 02:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2012.03.26 01:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2012.03.26 01:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
[2012.03.26 00:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012.03.26 00:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2012.03.26 00:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital Corporation
[2012.03.26 00:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012.03.26 00:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2012.03.26 00:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2012.03.25 20:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.03.25 20:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.03.23 14:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.03.23 14:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.03.23 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.03.22 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.03.22 15:54:20 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012.03.21 18:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.21 18:04:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc
[2012.03.16 15:28:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Games

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.04.13 14:51:49 | 000,003,270 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.04.13 14:44:44 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.13 14:40:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.13 14:21:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.13 13:59:15 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.13 13:59:15 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.13 13:56:29 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.13 13:56:29 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.13 13:56:29 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.13 13:56:29 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.13 13:56:29 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.13 13:52:38 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.13 13:52:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.13 13:52:00 | 3151,400,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.12 10:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.04.09 12:52:09 | 000,315,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.08 22:38:43 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\Deluxe Edition.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.02 16:30:22 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.28 18:06:43 | 000,000,948 | ---- | M] () -- C:\Users\Admin\Desktop\Core Temp.lnk
[2012.03.28 17:47:44 | 000,000,935 | ---- | M] () -- C:\Users\Admin\Desktop\SIW.lnk
[2012.03.26 01:13:08 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk
[2012.03.26 00:33:40 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image WDEdition.lnk
[2012.03.25 20:02:50 | 000,001,980 | ---- | M] () -- C:\Users\Admin\Desktop\CrystalDiskInfo.lnk
[2012.03.25 20:01:29 | 000,001,057 | ---- | M] () -- C:\Users\Admin\Desktop\Secunia PSI.lnk
[2012.03.23 14:33:49 | 000,001,102 | ---- | M] () -- C:\Users\Admin\Desktop\EVEREST Home Edition.lnk
[2012.03.23 14:33:29 | 000,001,007 | ---- | M] () -- C:\Users\Admin\Desktop\SpeedFan.lnk
[2012.03.23 14:33:28 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.03.22 15:54:20 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.03.21 18:25:46 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.18 23:59:52 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.16 18:05:34 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.04.13 14:44:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.08 22:38:43 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\Deluxe Edition.lnk
[2012.04.02 16:30:22 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.04.02 16:30:22 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.30 16:54:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.28 18:06:43 | 000,000,948 | ---- | C] () -- C:\Users\Admin\Desktop\Core Temp.lnk
[2012.03.28 17:47:44 | 000,000,935 | ---- | C] () -- C:\Users\Admin\Desktop\SIW.lnk
[2012.03.28 16:30:49 | 000,315,968 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.26 01:13:08 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk
[2012.03.26 00:33:40 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image WDEdition.lnk
[2012.03.23 14:33:49 | 000,001,102 | ---- | C] () -- C:\Users\Admin\Desktop\EVEREST Home Edition.lnk
[2012.03.23 14:33:29 | 000,001,007 | ---- | C] () -- C:\Users\Admin\Desktop\SpeedFan.lnk
[2012.03.23 14:33:27 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.03.22 15:54:20 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.03.16 18:05:34 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.03.16 18:05:34 | 000,001,057 | ---- | C] () -- C:\Users\Admin\Desktop\Secunia PSI.lnk
[2012.02.29 22:58:32 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\quietHDD.ini
[2012.02.23 13:01:11 | 000,003,270 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.02.10 11:34:56 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.10 11:34:55 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.10 11:34:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.02.10 11:34:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.10 11:34:53 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.01.13 15:27:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.13 14:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[color=#E56717]========== LOP Check ==========[/color]

[2012.02.24 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GHISLER
[2012.01.13 15:42:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InfraRecorder
[2012.03.08 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LibreOffice
[2012.04.02 16:30:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.04.11 13:45:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< Code >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2012.03.16 16:01:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.13 14:32:14 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.02.22 21:07:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.02.21 16:33:06 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.28 18:06:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.13 14:44:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.04.13 14:44:43 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.02.22 21:07:04 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.22 21:07:05 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.02.24 15:18:30 | 000,000,000 | R--D | M] -- C:\Sandbox
[2012.04.12 10:35:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.24 17:26:47 | 000,000,000 | ---D | M] -- C:\totalcmd
[2012.03.16 16:01:04 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.13 14:51:49 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

[color=#A23BEC]< CREATERESTOREPOIN >[/color]

< End of report >
[/CODE]

Extra.txt

[CODE]
OTL Extras logfile created on: 13.04.2012 14:53:57 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 63,22% Memory free
7,82 Gb Paging File | 6,40 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256,00 Gb Total Space | 220,40 Gb Free Space | 86,09% Space Free | Partition Type: NTFS
Drive D: | 340,18 Gb Total Space | 335,57 Gb Free Space | 98,65% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{063C0043-E954-4850-9AA7-F9BC4E920D38}" = Adobe Flash Player 11 Plugin (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{421976B6-DEC6-4CA5-941F-F0663B3A2B74}" = Adobe Flash Player 11 ActiveX (x64)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"Sandboxie" = Sandboxie 3.66 (64-bit)
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.1.13.71

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E8E4718-0702-4D33-B007-5E95849BAB3C}" = LibreOffice 3.5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WDEdition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = SeagateDiscWizard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.2.0a
"Deluxe Edition" = Deluxe Edition
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exif Tag Remover_is1" = Exif Tag Remover 2.0
"Foxit Reader_is1" = Foxit Reader 5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MozBackup" = MozBackup 1.5.1
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Opera 11.62.1347" = Opera 11.62
"Secunia PSI" = Secunia PSI (3.0.0.0004)
"SpeedFan" = SpeedFan (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 08.04.2012 09:23:16 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.04.2012 12:49:06 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.04.2012 16:27:58 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.04.2012 06:53:50 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.04.2012 09:08:51 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.04.2012 08:11:41 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.04.2012 07:47:27 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.04.2012 04:25:34 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.04.2012 04:43:20 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.04.2012 07:53:48 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 30.03.2012 10:56:01 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Secunia Update Agent" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 30.03.2012 10:58:37 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Secunia Update Agent" wurde unerwartet beendet. Dies ist bereits
2 Mal passiert.

Error - 30.03.2012 12:10:03 | Computer Name = Admin-PC | Source = BROWSER | ID = 8032
Description =

Error - 31.03.2012 09:36:02 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 31.03.2012 09:52:47 | Computer Name = Admin-PC | Source = BROWSER | ID = 8032
Description =

Error - 31.03.2012 12:50:16 | Computer Name = Admin-PC | Source = BROWSER | ID = 8032
Description =

Error - 01.04.2012 11:21:55 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 01.04.2012 11:38:43 | Computer Name = Admin-PC | Source = BROWSER | ID = 8032
Description =

Error - 02.04.2012 10:28:20 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 03.04.2012 07:01:46 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2


< End of report >
13.04.2012, 15:34
Member

Thread starter

Posts: 36
#2 The first message / popup said Win32:Bolzano-W. The log says Win32:Gremo. I have now rescanned the file in the container and Avast reports: no virus found. I have not cleaned the file. No idea whether this addition matters. Explanation: false positive?
14.04.2012, 00:49
Moderator

Posts: 5694
#3 Welcome to the Protecus Forum

A cleanup can mean a lot of work for you.
• Please work through all steps in order.
• Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
• Only run scans that a helper asks you to run.
• Please no cross-posting (posting in several forums).
• Do not install or uninstall any software during the cleanup unless you are asked to.
• Read the instructions completely before you start. If anything is unclear, ask before you begin.
• Post the log files directly in your thread. Do not attach them unless I ask you to; attachments make the evaluation harder for me.

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, keep cooperating until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click, "Run as administrator".

Step 1

The OTL log looks very strange. Did you copy it here normally?
14.04.2012, 13:53
Member

Thread starter

Posts: 36
#4 Hello, and thanks for the quick reply. Yes, I copied it here normally, but I accidentally had a code tag in the Custom Scans field. Is that why it looks strange? Attached is a second scan.

OTL logfile created on: 14.04.2012 13:39:51 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 67,24% Memory free
7,82 Gb Paging File | 6,46 Gb Available in Paging File | 82,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256,00 Gb Total Space | 220,42 Gb Free Space | 86,10% Space Free | Partition Type: NTFS
Drive D: | 340,18 Gb Total Space | 335,57 Gb Free Space | 98,65% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.04.13 14:34:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.10.17 16:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.06.22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.06.22 11:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.11.10 20:43:58 | 000,906,912 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009.11.10 20:36:22 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.04.12 10:42:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012.04.12 10:42:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012.04.12 10:42:24 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012.02.23 12:21:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.23 12:20:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.23 12:20:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.23 12:20:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.23 12:20:53 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.02.21 16:37:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\056e417666352c7a702530d8a2770e30\IAStorCommon.ni.dll
MOD - [2012.01.13 16:33:27 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.11.10 18:39:32 | 001,332,576 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.30 16:56:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.22 12:14:30 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.06.22 11:18:40 | 001,191,656 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.04.06 16:50:56 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.10 20:37:02 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012.03.26 00:33:38 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.03.26 00:33:33 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012.03.26 00:33:31 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV:64bit: - [2012.03.26 00:33:28 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 00:17:56 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2012.02.26 00:17:54 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012.01.10 15:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.11.24 00:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.11.22 16:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.22 16:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.09.15 10:15:00 | 000,216,064 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0)
DRV:64bit: - [2011.09.15 10:14:58 | 000,100,352 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub) Renesas Electronics USB 3.0 Hub Driver (Version 3.0)
DRV:64bit: - [2011.09.13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.03.18 02:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.18 02:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.13 10:58:42 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2011.03.13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 11:01:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.03.07 11:01:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007.05.11 19:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV - [2012.03.22 12:14:28 | 000,163,480 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79E9E601-992D-46B5-BAE5-30C72ECAB790}
IE:64bit: - HKLM\..\SearchScopes\{79E9E601-992D-46B5-BAE5-30C72ECAB790}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {79E9E601-992D-46B5-BAE5-30C72ECAB790}
IE - HKLM\..\SearchScopes\{79E9E601-992D-46B5-BAE5-30C72ECAB790}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://syb.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF E2 43 5F F7 D1 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.11 20:11:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4CE61E6-7C3F-47E9-A69F-9359700546CB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP



CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.04.13 14:44:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.04.13 14:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.13 14:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.13 14:44:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.13 14:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.08 22:38:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Britannica 12.0
[2012.04.08 22:30:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2012.04.08 22:29:01 | 000,000,000 | -H-D | C] -- C:\Users\Admin\InstallAnywhere
[2012.04.02 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.04.02 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Opera
[2012.04.02 16:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.03.30 17:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.03.28 18:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012.03.28 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012.03.28 17:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2012.03.28 17:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
[2012.03.26 02:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2012.03.26 01:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2012.03.26 01:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
[2012.03.26 00:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012.03.26 00:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2012.03.26 00:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital Corporation
[2012.03.26 00:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012.03.26 00:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2012.03.26 00:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2012.03.25 20:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.03.25 20:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.03.23 14:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.03.23 14:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.03.23 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.03.22 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.03.22 15:54:20 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012.03.21 18:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.21 18:04:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc
[2012.03.16 15:28:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Games

========== Files - Modified Within 30 Days ==========

[2012.04.14 13:40:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.14 13:39:44 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.14 13:39:44 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.14 13:37:04 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.14 13:37:04 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.14 13:37:04 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.14 13:37:04 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.14 13:37:04 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.14 13:32:43 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.14 13:32:32 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.14 13:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.14 13:32:24 | 3151,400,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.13 14:51:49 | 000,003,270 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.04.13 14:44:44 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.12 10:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.04.09 12:52:09 | 000,315,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.08 22:38:43 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\Deluxe Edition.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.02 16:30:22 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.28 18:06:43 | 000,000,948 | ---- | M] () -- C:\Users\Admin\Desktop\Core Temp.lnk
[2012.03.28 17:47:44 | 000,000,935 | ---- | M] () -- C:\Users\Admin\Desktop\SIW.lnk
[2012.03.26 01:13:08 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk
[2012.03.26 00:33:40 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image WDEdition.lnk
[2012.03.25 20:02:50 | 000,001,980 | ---- | M] () -- C:\Users\Admin\Desktop\CrystalDiskInfo.lnk
[2012.03.25 20:01:29 | 000,001,057 | ---- | M] () -- C:\Users\Admin\Desktop\Secunia PSI.lnk
[2012.03.23 14:33:49 | 000,001,102 | ---- | M] () -- C:\Users\Admin\Desktop\EVEREST Home Edition.lnk
[2012.03.23 14:33:29 | 000,001,007 | ---- | M] () -- C:\Users\Admin\Desktop\SpeedFan.lnk
[2012.03.23 14:33:28 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.03.22 15:54:20 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.03.21 18:25:46 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.18 23:59:52 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012.04.13 14:44:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.08 22:38:43 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\Deluxe Edition.lnk
[2012.04.02 16:30:22 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.04.02 16:30:22 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.30 16:54:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.28 18:06:43 | 000,000,948 | ---- | C] () -- C:\Users\Admin\Desktop\Core Temp.lnk
[2012.03.28 17:47:44 | 000,000,935 | ---- | C] () -- C:\Users\Admin\Desktop\SIW.lnk
[2012.03.28 16:30:49 | 000,315,968 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.26 01:13:08 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk
[2012.03.26 00:33:40 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image WDEdition.lnk
[2012.03.23 14:33:49 | 000,001,102 | ---- | C] () -- C:\Users\Admin\Desktop\EVEREST Home Edition.lnk
[2012.03.23 14:33:29 | 000,001,007 | ---- | C] () -- C:\Users\Admin\Desktop\SpeedFan.lnk
[2012.03.23 14:33:27 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.03.22 15:54:20 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.03.16 18:05:34 | 000,001,057 | ---- | C] () -- C:\Users\Admin\Desktop\Secunia PSI.lnk
[2012.02.29 22:58:32 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\quietHDD.ini
[2012.02.23 13:01:11 | 000,003,270 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.02.10 11:34:56 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.10 11:34:55 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.10 11:34:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.02.10 11:34:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.10 11:34:53 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.01.13 15:27:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.13 14:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012.02.24 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GHISLER
[2012.01.13 15:42:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InfraRecorder
[2012.03.08 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LibreOffice
[2012.04.02 16:30:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.04.11 13:45:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.03.16 16:01:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.13 14:32:14 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.02.22 21:07:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.02.21 16:33:06 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.28 18:06:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.13 14:44:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.04.13 14:44:43 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.02.22 21:07:04 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.22 21:07:05 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.02.24 15:18:30 | 000,000,000 | R--D | M] -- C:\Sandbox
[2012.04.12 10:35:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.24 17:26:47 | 000,000,000 | ---D | M] -- C:\totalcmd
[2012.03.16 16:01:04 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.13 14:51:49 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Attachment: OTL.Txt
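The "MD5 for:" sections of the OTL log above are what a helper reads by eye to decide whether a core system binary has been tampered with: the copy that is actually in use (in C:\Windows, SysNative or SysWOW64) should carry the same hash as one of the copies the servicing stack keeps under C:\Windows\winsxs, and a copy living anywhere else, or lacking a company name, deserves a second look. The script below is an added example, not part of the original post or of OTL; it parses that log format (OTL wraps its headings in forum colour tags, so the parser strips them) and applies exactly that heuristic. The sample input is a constructed subset of the USERINIT.EXE and WINLOGON.EXE sections from the log above; the function and field names are my own.

```python
import re

# Constructed sample: a subset of the "MD5 for:" sections from the OTL log
# above. OTL emits its headings wrapped in forum colour tags, so the sample
# keeps them to show the parser copes with raw log text.
SAMPLE_OTL = r"""
[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
"""

BBCODE_RE = re.compile(r"\[/?color[^\]]*\]")
HEADING_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# [mtime | size | attrs | flag] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*(?P<flag>[A-Z])\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)


def parse_otl_md5_sections(text: str) -> dict:
    """Return {FILE.EXE: [entry, ...]} for every '< MD5 for: ... >' section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = BBCODE_RE.sub("", raw).strip()
        if not line:
            continue
        heading = HEADING_RE.match(line)
        if heading:
            current = heading.group("name").upper()
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            sections[current].append(rec)
    return sections


def triage(sections: dict) -> list:
    """For each live (non-WinSxS) copy, compare its hash with the WinSxS store
    copies of the same file and collect reasons it deserves a closer look."""
    findings = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if "\\winsxs\\" in e["path"].lower()}
        for e in entries:
            path_lc = e["path"].lower()
            if "\\winsxs\\" in path_lc:
                continue  # the store copies are the reference, not the subject
            reasons = []
            if e["md5"] not in store_hashes:
                reasons.append("hash matches no WinSxS copy")
            if not path_lc.startswith("c:\\windows\\"):
                reasons.append("outside the Windows directory")
            if not e["company"]:
                reasons.append("no company name in version info")
            findings.append({
                "file": name, "path": e["path"], "md5": e["md5"],
                "verdict": "review" if reasons else "consistent", "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(parse_otl_md5_sections(SAMPLE_OTL)):
        print(f"{f['verdict']:10} {f['path']}  {'; '.join(f['reasons'])}")
```

On the sample this reports the SysNative and SysWOW64 copies as consistent (32-bit and 64-bit copies legitimately differ, so the comparison is per copy, not per file name) and flags the winlogon.exe under Malwarebytes' Chameleon folder for review on all three counts; that one is a known decoy name Malwarebytes ships so its scanner can start under a name malware does not kill, so "review" means look, not "malicious". The heuristic only shows that the live copy has not diverged from the store since servicing placed it; an attacker with administrative rights can alter both, and MD5 is not collision-resistant, so the stronger check on the host remains the file's Microsoft Authenticode or catalog signature.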
15.04.2012, 13:32
Moderator

Posts: 5694
#5 Is this a PC used for business?
15.04.2012, 18:51
Member

Thread starter

Posts: 36
#6 No, private. "Relatively" new. Why? I hardly dare to ask, but does it look like a bad infection? I'm a complete layman, i.e. I can't "decipher" logs.
16.04.2012, 23:20
Moderator

Posts: 5694
#7 ComboFix may only be run when an expert has explicitly recommended it!
It must never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
• Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise the programs might interfere with our tools while they work.
• Double-click ComboFix.exe and follow the instructions.
• ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections around today, it is strongly recommended to have the Recovery Console installed on the PC before any malware cleanup is carried out.
• Follow the prompts to let ComboFix download and install the Recovery Console, and accept the license agreement (EULA) when asked.
**For your information: if the Recovery Console is already installed, ComboFix will simply continue with its malware removal procedure.

Once ComboFix has installed the Recovery Console, you should see the following message:

Click "Yes" to continue with the malware scan.

When ComboFix is finished it will create a log. Please attach C:\ComboFix.txt to your next reply.
17.04.2012, 13:31
Member

Thread starter

Posts: 36
#8 New info: Definition Update for Windows Defender - KB915579 (Definition 1.123.1936.0) failed. Then a successful update. The same thing happened on the day of the virus alert mentioned above. I have now disabled Defender, or can the program be used alongside Avast? 5 seconds later Avast reports "C:\99f54790ebbeec425462\16C03A37-69EE-4BA6-9A64-03F4E3AE8101mpasdlta.vdm.new.temp [L] Win32:Bolzano-W (0)
File successfully moved to the chest". Does this file perhaps belong to Windows Defender? In an English-language forum I found a matching post saying that mpasdlta.vdm indicates that, and so does the location of the folder.

Attachment: ComboFix.txt
17.04.2012, 21:01
Moderator

Posts: 5694
#9 Yes, that looks like virus definitions... Have you run an AVG update at some point?
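The pattern behind both alerts in this thread is the one a practitioner wants to recognise quickly: a Windows Defender definition update unpacks into a hex-named temporary folder directly under the drive root, and the definition file (mpasdlta.vdm is the anti-spyware delta; mpavdlta.vdm, mpasbase.vdm and mpavbase.vdm are its siblings) sits there with a GUID prefix and a .new.temp suffix until the update renames it. A second on-access scanner that grabs the file in that window produces exactly the kind of alert the poster saw. The script below is an added example, not code from the original post or from Avast; it parses Avast-style alert lines and flags paths that fit that staging pattern as false-positive candidates. The first two sample lines are the ones quoted in this thread, the third is constructed as a negative case; the regular expressions, function and field names are my own assumptions.

```python
import re

# Sample alert lines: the first two are the ones quoted in this thread, the
# third is constructed so the classifier has a negative case.
SAMPLE_ALERTS = [
    r"C:\4ee65ffc3dfa6f47c855cd1542af63\33643A15-6E92-4702-AB54-B0D77D2B58E9mpasdlta.vdm.new.temp [L] Win32:Bolzano-W (0)",
    r"C:\99f54790ebbeec425462\16C03A37-69EE-4BA6-9A64-03F4E3AE8101mpasdlta.vdm.new.temp [L] Win32:Bolzano-W (0)",
    r"C:\Users\Admin\AppData\Local\Temp\mpasdlta.vdm.exe [L] Win32:Bolzano-W (0)",  # constructed
]

# "<path> [<flags>] <detection> (<count>)" as Avast prints on-access hits.
ALERT_RE = re.compile(r"^(?P<path>.+?) \[(?P<flags>[A-Z]+)\] (?P<detection>\S+) \((?P<count>\d+)\)$")

# Definition updates unpack into a hex-named temp folder directly under the
# drive root; the definition file carries a GUID prefix in front of the
# well-known Defender/MSE names (mpasdlta/mpavdlta = delta, mpasbase/mpavbase
# = full) and ".new.temp" while the download has not been renamed yet.
DEFINITION_STAGING_RE = re.compile(
    r"^[A-Za-z]:\\[0-9a-f]{16,40}\\"
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
    r"(?P<defname>mpasdlta|mpavdlta|mpasbase|mpavbase)\.vdm(\.new\.temp)?$",
    re.IGNORECASE,
)


def classify(line: str) -> dict:
    """Parse one alert line and say whether the path looks like a Defender
    definition file caught mid-update (a false-positive candidate)."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an Avast alert line: {line!r}")
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    staging = DEFINITION_STAGING_RE.match(rec["path"])
    rec["defender_definition_staging"] = staging is not None
    rec["definition_name"] = staging.group("defname").lower() if staging else None
    rec["next_step"] = (
        "likely false positive: confirm the Defender definition update succeeded, "
        "then submit the sample to the AV vendor as a suspected false positive"
        if staging else
        "treat as a real detection until the file's origin is explained"
    )
    return rec


def triage_alerts(lines) -> list:
    """Classify a batch of alert lines; malformed lines are skipped, not fatal."""
    out = []
    for line in lines:
        try:
            out.append(classify(line))
        except ValueError:
            continue
    return out


if __name__ == "__main__":
    for rec in triage_alerts(SAMPLE_ALERTS):
        print(rec["detection"], "->", rec["path"])
        print("   staging file:", rec["defender_definition_staging"], "|", rec["next_step"])
```

The path pattern is a heuristic, not proof: a file named like a definition can be dropped anywhere, which is why the constructed third line (same file name, wrong location, executable extension) is deliberately not matched. Confirm on the host that the definition update actually landed (Defender's definition version or the update history), let the quarantined copy stay quarantined, and hand the sample to the vendor as a suspected false positive, which is what resolved this thread.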
18.04.2012, 10:38
Member

Thread starter

Posts: 36
#10 So I don't need to worry and don't have to reinstall the system either? Can I uninstall ComboFix again? Do you mean an Avast update? Yes, it still shows yesterday's second file as Win32:Gremo. I have now submitted it to the virus lab as a suspected false positive. Can I really use Avast and Windows Defender together? I have read that this does not cause conflicts.
19.04.2012, 02:19
Moderator

Posts: 5694
#11 Yes, you can do that without any problems, really. Then see what the lab says.
19.04.2012, 10:26
Member

Thread starter

Posts: 36
#12 The lab says: no virus. Thanks again for the quick support!
19.04.2012, 14:42
Moderator

Posts: 5694
#13 ;) You're welcome.

All the best.