Thread: malware problems

  1. #1
    Member
    Join Date
    Feb 2013
    Posts
    55

    malware problems

    Hi

    For a few days I have had serious issues with malware on my laptop; however, I'm not sure what the initial cause was. I checked my PC with different antivirus software (Ad-Aware, avast, Antivir). Ad-Aware found some minor threats within cookies, which I removed. However, the problems remained. I checked with Spybot Search & Destroy and found many threats, which I removed; however, some threats keep reappearing after a reboot. I did a rootkit scan with Spybot S&D: the quick scan found nothing, while the "Tiefenscan" (deep scan, which produces the RootAlyzer log file) found an awful lot, but I'm not enough of an expert to understand what it means.

    I looked in the forum and produced the DDS log; however, when using aswMBR, I get a bluescreen.

    Symptoms are slow performance, programs crashing (especially the browser) and occasional bluescreens. Initially I was upset by Opera, or rather Adobe Flash Player, constantly crashing.

    Hope you can help me!

    DDS-log:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_41
    Run by Chris Novak at 11:34:43 on 2013-02-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4061.2410 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4
    uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen
    mWinlogon: Userinit = userinit.exe
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: SwissAcademic.Citavi.Picker.IEPicker: {609D670F-B735-4da7-AC6D-F3BD358E325E} -
    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
    IE: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} -
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
    DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{632DD7E9-34B8-460E-80C0-5646C13BBD4B} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\5416379724F687D2838354835383 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\56465727F616D6 : DHCPNameServer = 158.223.1.2 158.223.1.1
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\75C414E4D2030313144364431383640333 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\84E46424640275C414E4 : DHCPNameServer = 192.168.178.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-17 14456]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-25 55856]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-5-30 28504]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-22 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-22 370288]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-25 203264]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-22 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-22 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-22 44808]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-21 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-21 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-21 168384]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-25 1692480]
    R3 CryptOSD;Phoenix CryptOSD Device Driver;C:\Windows\System32\drivers\CryptOSD.sys [2009-6-25 431488]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-10-25 172704]
    R3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-10-25 5435904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-10-25 35104]
    S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-17 38096]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-21 19456]
    S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-21 57856]
    S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-26 1255736]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    .
    =============== Created Last 30 ================
    .
    2013-02-22 10:33:52 544688 ----a-w- C:\Windows\System32\npdeployJava1.dll
    2013-02-22 10:33:52 526256 ----a-w- C:\Windows\System32\deployJava1.dll
    2013-02-22 10:25:13 -------- d-----w- C:\Users\Chris Novak\AppData\Local\Secunia PSI
    2013-02-22 10:25:02 -------- d-----w- C:\Program Files (x86)\Secunia
    2013-02-22 10:16:07 -------- d-----w- C:\ProgramData\inf
    2013-02-22 09:21:15 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{945043BE-97FD-4607-B02A-91CD82C6F690}\mpengine.dll
    2013-02-22 09:12:09 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-02-22 09:12:04 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-02-22 09:12:02 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-02-22 09:11:18 41224 ----a-w- C:\Windows\avastSS.scr
    2013-02-21 15:06:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-02-21 15:05:53 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-02-21 15:05:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-02-21 09:18:32 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2013-02-21 09:18:32 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2013-02-21 09:18:31 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2013-02-21 09:18:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-02-21 09:18:31 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-02-21 09:18:30 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-02-21 09:18:30 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-02-21 09:18:30 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-02-21 09:18:30 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-02-20 16:04:58 -------- d-----w- C:\Windows\CheckSur
    2013-02-19 17:51:58 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-02-19 17:48:45 503808 ----a-w- C:\Windows\System32\srcore.dll
    2013-02-19 17:48:44 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2013-02-19 17:47:30 -------- d-----w- C:\Users\Chris Novak\AppData\Roaming\Malwarebytes
    2013-02-19 17:37:39 67072 ----a-w- C:\Windows\splwow64.exe
    2013-02-19 17:37:39 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2013-02-19 17:37:33 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-02-19 17:36:58 -------- d-----w- C:\Users\Chris Novak\AppData\Local\Programs
    2013-02-19 11:04:36 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-19 11:04:36 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-17 20:05:39 38096 ----a-w- C:\Windows\System32\drivers\gfiark.sys
    2013-02-17 19:52:11 -------- d-----w- C:\ProgramData\Search Protection
    2013-02-17 19:52:08 -------- d-----w- C:\Users\Chris Novak\AppData\Local\adawarebp
    2013-02-17 19:52:08 -------- d-----w- C:\ProgramData\blekko toolbars
    2013-02-17 19:52:08 -------- d-----w- C:\ProgramData\adawaretb
    2013-02-17 19:52:07 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2013-02-17 19:52:03 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2013-02-17 19:51:58 -------- d-----w- C:\Program Files (x86)\adawaretb
    2013-02-17 19:51:29 -------- d-----w- C:\ProgramData\Downloaded Installations
    2013-02-17 19:44:20 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
    2013-02-17 19:44:20 -------- d-----w- C:\Users\Chris Novak\AppData\Roaming\LavasoftStatistics
    2013-02-16 10:51:30 2560 ----a-w- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
    2013-02-16 10:51:28 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2013-02-16 10:51:28 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2013-02-16 10:51:28 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2013-02-16 10:50:41 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2013-02-16 10:50:41 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2013-02-16 10:50:34 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2013-02-16 10:50:34 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2013-02-16 10:50:29 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2013-02-16 10:50:27 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2013-02-16 10:50:26 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2013-02-16 10:46:58 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-02-16 10:46:57 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-02-16 10:46:57 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-02-16 10:46:57 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-02-16 10:46:57 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-02-16 10:46:57 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-02-16 10:46:57 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-02-15 22:04:52 208448 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2013-02-14 00:23:19 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 00:23:19 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 00:21:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-14 00:21:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-13 21:09:26 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-13 21:09:24 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-13 21:09:23 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-13 21:08:46 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-13 21:08:41 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-13 21:08:40 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-13 21:08:40 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-13 21:08:40 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-13 21:08:40 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-13 21:08:39 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-13 21:08:14 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-02-13 21:08:13 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-13 21:07:41 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2013-02-13 21:07:41 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2013-02-13 16:02:02 -------- d-----w- C:\Users\Chris Novak\AppData\Roaming\Runscanner.net
    2013-02-02 11:00:23 -------- d-----w- C:\Program Files (x86)\OperaNew
    .
    ==================== Find3M ====================
    .
    2013-02-22 10:36:20 477616 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-02-22 10:36:20 473520 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 15:02:37 13048 ----a-w- C:\Windows\System32\avgrssta.dll.prepare
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 11:36:53,60 ===============
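
An added triage helper, not code from DDS, from the thread, or from any of the participants: it reads the "Pseudo HJT Report" section of a DDS log like the one above and flags UAC policy values set to 0, add-on entries whose DLL is missing or marked `<orphaned>`, a start page carrying a toolbar id, and add-on DLLs living in a watch-listed toolbar folder. The sample lines are constructed from entries in the log above; the watch-list entry and the policy descriptions are my assumptions, not DDS output.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (illustration only)."""
import re

# Constructed sample: lines copied in shape from the DDS report posted above,
# trimmed to the entries the triage logic cares about.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: SwissAcademic.Citavi.Picker.IEPicker: {609D670F-B735-4da7-AC6D-F3BD358E325E} -
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
SSODL: WebCheck - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-17 14456]
"""

# UAC-related policy values (HKLM\...\Policies\System) where 0 is the weak setting.
# The descriptions are my own wording, not DDS output.
WEAK_WHEN_ZERO = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}

# Constructed watch-list of folder names that should draw attention when they host
# a BHO or toolbar DLL; 'adawaretb' is the folder AdwCleaner removes later in the thread.
WATCH_DIRS = ("adawaretb",)

POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)$")
ADDON_RE = re.compile(r"^(?:x64-)?(BHO|TB|EB|SSODL|SEH|Handler):\s*(.*)$")
START_PAGE_RE = re.compile(r"^[um]Start Page\s*=\s*(\S+)$")
GUID_PATH_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}\s*-\s*(.*)$")


def pseudo_hjt_section(text):
    """Return the non-empty lines between the Pseudo HJT banner and the next section banner."""
    lines, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if "Pseudo HJT Report" in line:
            inside = True
            continue
        if not inside:
            continue
        if line.startswith("====="):      # next DDS section banner
            break
        if line and line != ".":          # DDS pads sections with lone dots
            lines.append(line)
    return lines


def addon_target(body):
    """Extract the DLL path (or '<orphaned>') that an add-on entry resolves to.

    DDS writes 'Name: {CLSID} - path'; paths may themselves contain ' - ',
    so the split is anchored on the CLSID rather than on the last dash.
    """
    m = GUID_PATH_RE.search(body)
    if m is None:                         # entries without a CLSID, e.g. 'SSODL: WebCheck - <orphaned>'
        m = re.search(r"\s-\s*(.*)$", body)
    return m.group(1).strip() if m else ""


def triage(text):
    """Return (category, item, detail) findings for the policy and add-on lines of a DDS log."""
    findings = []
    for line in pseudo_hjt_section(text):
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if value == 0 and name in WEAK_WHEN_ZERO:
                findings.append(("uac", name, WEAK_WHEN_ZERO[name]))
            continue
        m = START_PAGE_RE.match(line)
        if m and "toolbarid=" in m.group(1):
            findings.append(("start-page", "Start Page", m.group(1)))
            continue
        m = ADDON_RE.match(line)
        if m:
            kind, body = m.group(1), m.group(2)
            target = addon_target(body)
            if not target or target == "<orphaned>":
                findings.append(("orphaned", kind, body))
            elif any(d in target.lower() for d in WATCH_DIRS):
                findings.append(("pup-dir", kind, target))
    return findings


def report(findings):
    """Render findings as one text line each, in order of appearance."""
    return ["[%s] %s: %s" % f for f in findings]


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```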

  2. #2
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi novfan

    My name is Robybel.

    I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them,
    with admin rights (right-click, choose "Run as Administrator").


    Stay with this topic until I give you the all clean post.

    Having said that... let's get going!

    ----------------------


    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  3. #3
    Member
    Join Date
    Feb 2013
    Posts
    55


    I have to admit that while waiting for a reply, I installed Chrome and uninstalled Firefox and Opera, since both were really not working. I thought that this might help; however, I have the same symptoms as before (even though I think Chrome works slightly better/faster than the other browsers, but this might also be just a placebo effect).

    No reboot was required; there were too many characters, so I zipped and attached it.

  4. #4
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi novfan


    AdwCleaner

    • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    Next

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Next

    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Refer to the ComboFix User's Guide


    Download ComboFix from one of these locations:

    Link 1
    Link 2



    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


    ====================================================


    Double click on combofix.exe & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


    On your next reply please post :
    • AdwCleaner[S1].txt
    • JRT.txt
    • ComboFix.txt

    Let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!

  5. #5
    Member
    Join Date
    Feb 2013
    Posts
    55


    Hi!

    I did all you said and it worked well. Here are the logs:


    AdwCleaner

    # AdwCleaner v2.113 - Datei am 01/03/2013 um 15:10:05 erstellt
    # Aktualisiert am 23/02/2013 von Xplode
    # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Benutzer : Chris Novak - CHRISNOVAK-PC
    # Bootmodus : Normal
    # Ausgeführt unter : C:\Users\Chris Novak\Desktop\AdwCleaner.exe
    # Option [Löschen]


    **** [Dienste] ****


    ***** [Dateien / Ordner] *****

    Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
    Ordner Gelöscht : C:\Program Files (x86)\adawaretb
    Ordner Gelöscht : C:\ProgramData\adawaretb
    Ordner Gelöscht : C:\ProgramData\blekko toolbars
    Ordner Gelöscht : C:\ProgramData\search protection
    Ordner Gelöscht : C:\ProgramData\Tarma Installer
    Ordner Gelöscht : C:\Users\Chris Novak\AppData\LocalLow\adawaretb
    Ordner Gelöscht : C:\Users\Chris Novak\AppData\Roaming\Mozilla\Firefox\Profiles\lvhxxpoq.default\adawaretb

    ***** [Registrierungsdatenbank] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\GreenTree Applications
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

    ***** [Internet Browser] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] The registry is clean.

    -\\ Mozilla Firefox v [version could not be determined]

    File : C:\Users\Chris Novak\AppData\Roaming\Mozilla\Firefox\Profiles\lvhxxpoq.default\prefs.js

    Deleted : user_pref("keyword.URL", "hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=url&toolbarid=adawaretb[...]

    -\\ Google Chrome v25.0.1364.97

    File : C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] The file is clean.

    *************************

    AdwCleaner[R1].txt - [3495 octets] - [01/03/2013 14:52:21]
    AdwCleaner[S1].txt - [3271 octets] - [01/03/2013 15:10:05]

    ########## EOF - C:\AdwCleaner[S1].txt - [3331 octets] ##########


    JRT


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.6 (02.27.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Chris Novak on 01.03.2013 at 16:15:15,06
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
    Successfully deleted: [Folder] "C:\Users\Chris Novak\appdata\local\adawarebp"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01.03.2013 at 16:46:00,97
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    COMBOFIX


    ComboFix 13-03-01.01 - Chris Novak 01.03.2013 17:23:12.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4061.2692 [GMT 0:00]
    run from:: c:\users\Chris Novak\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * New restore point created
    .
    .
    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Chris Novak\AppData\Local\assembly\tmp
    c:\windows\IsUn0407.exe
    c:\windows\SysWow64\Nagasoft
    c:\windows\SysWow64\Nagasoft\Codecs\asyncflt.ax
    c:\windows\SysWow64\Nagasoft\Codecs\atrc.dll
    c:\windows\SysWow64\Nagasoft\Codecs\cook.dll
    c:\windows\SysWow64\Nagasoft\Codecs\drvc.dll
    c:\windows\SysWow64\Nagasoft\Codecs\raac.dll
    c:\windows\SysWow64\Nagasoft\Codecs\RealMediaSplitter.ax
    c:\windows\SysWow64\Nagasoft\Codecs\WMFDemux.dll
    c:\windows\SysWow64\Nagasoft\GifShower.dll
    c:\windows\SysWow64\Nagasoft\vjocx.dll
    .
    c:\windows\SysWow64\ntdll.dll . . . is infected!!
    .
    .
    ((((((((((((((((((((((( Files Created from 2013-02-01 to 2013-03-01 ))))))))))))))))))))))))))))))
    .
    .
    2013-03-01 17:38 . 2013-03-01 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-01 16:15 . 2013-03-01 16:15 -------- d-----w- c:\windows\ERUNT
    2013-03-01 16:14 . 2013-03-01 16:14 -------- d-----w- C:\JRT
    2013-03-01 10:46 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{305FB741-6F44-4A9D-9075-4291B95882F7}\mpengine.dll
    2013-02-23 19:42 . 2013-02-23 19:42 -------- d-----w- c:\program files (x86)\ERUNT
    2013-02-22 10:36 . 2013-02-22 10:36 -------- d-----w- c:\program files (x86)\Java
    2013-02-22 10:33 . 2013-02-22 10:33 544688 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-02-22 10:33 . 2013-02-22 10:33 526256 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-22 10:33 . 2013-02-22 10:33 193968 ----a-w- c:\windows\system32\javaws.exe
    2013-02-22 10:33 . 2013-02-22 10:33 172976 ----a-w- c:\windows\system32\javaw.exe
    2013-02-22 10:33 . 2013-02-22 10:33 172976 ----a-w- c:\windows\system32\java.exe
    2013-02-22 10:33 . 2013-02-22 10:33 -------- d-----w- c:\program files\Java
    2013-02-22 10:25 . 2013-02-22 10:25 -------- d-----w- c:\users\Chris Novak\AppData\Local\Secunia PSI
    2013-02-22 10:25 . 2013-02-22 10:25 -------- d-----w- c:\program files (x86)\Secunia
    2013-02-22 10:16 . 2013-02-22 10:19 -------- d-----w- c:\programdata\inf
    2013-02-22 09:12 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-02-22 09:12 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-02-22 09:12 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-02-22 09:12 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-02-22 09:12 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-02-22 09:12 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-02-22 09:11 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
    2013-02-22 09:11 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2013-02-21 15:06 . 2013-02-27 00:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-02-21 15:05 . 2009-01-25 12:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-02-21 15:05 . 2013-02-21 15:06 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-02-21 09:18 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-02-21 09:18 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-02-21 09:18 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-02-21 09:18 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-02-21 09:18 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-02-21 09:18 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-02-21 09:18 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2013-02-21 09:18 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-02-21 09:18 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-02-20 16:04 . 2013-02-20 16:04 -------- d-----w- c:\windows\CheckSur
    2013-02-19 17:51 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
    2013-02-19 17:48 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2013-02-19 17:48 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2013-02-19 17:47 . 2013-02-19 17:47 -------- d-----w- c:\users\Chris Novak\AppData\Roaming\Malwarebytes
    2013-02-19 17:37 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2013-02-19 17:37 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2013-02-19 17:37 . 2013-02-19 17:37 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-19 17:36 . 2013-02-19 17:36 -------- d-----w- c:\users\Chris Novak\AppData\Local\Programs
    2013-02-19 11:04 . 2013-02-20 10:19 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-19 11:04 . 2013-02-20 10:19 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-17 20:05 . 2012-12-17 06:43 38096 ----a-w- c:\windows\system32\drivers\gfiark.sys
    2013-02-17 19:52 . 2013-02-17 19:52 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2013-02-17 19:52 . 2013-02-17 19:52 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2013-02-17 19:51 . 2013-02-17 19:51 -------- d-----w- c:\programdata\Downloaded Installations
    2013-02-17 19:44 . 2013-02-17 19:44 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-02-17 19:44 . 2013-02-17 19:44 -------- d-----w- c:\users\Chris Novak\AppData\Roaming\LavasoftStatistics
    2013-02-16 10:51 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
    2013-02-16 10:51 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-02-16 10:51 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-02-16 10:51 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-02-16 10:50 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-02-16 10:50 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-02-16 10:50 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-02-16 10:50 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-02-16 10:50 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-02-16 10:50 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-02-16 10:50 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-02-16 10:46 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-02-16 10:46 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-02-16 10:46 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-02-16 10:46 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-02-16 10:46 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-02-16 10:46 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-02-16 10:46 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-02-14 00:23 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 00:23 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 00:21 . 2013-01-09 01:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-02-14 00:21 . 2013-01-08 21:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-02-13 21:09 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-13 21:09 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 21:09 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 21:08 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-13 21:08 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-13 21:08 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-13 21:08 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-13 21:08 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-13 21:08 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 21:08 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-13 21:08 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-13 21:08 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-13 16:02 . 2013-02-13 16:02 -------- d-----w- c:\users\Chris Novak\AppData\Roaming\Runscanner.net
    2013-02-13 10:43 . 2013-02-13 10:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-02-02 11:00 . 2013-02-19 17:06 -------- d-----w- c:\program files (x86)\OperaNew
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-22 10:36 . 2012-06-16 20:46 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2013-02-22 10:36 . 2011-05-08 00:43 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-02-14 00:23 . 2009-10-31 03:22 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-17 01:28 . 2009-11-30 12:17 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-04 04:43 . 2013-02-13 21:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-22 08:48 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-22 08:48 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-22 08:48 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-22 08:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 15:02 . 2011-05-07 23:35 13048 ----a-w- c:\windows\system32\avgrssta.dll.prepare
    .
    .
    (((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]
    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-12-17 38096]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1255736]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-17 14456]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-15 834544]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-06-25 431488]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-23 20:14 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
    .
    Contents of the "Scheduled Tasks" folder
    .
    2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-11 09:19]
    .
    2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-11 09:19]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
    IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - Removed Orphaned Registry Entries - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
    Notify-SDWinLogon - SDWinLogon.dll
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-adawaretb - c:\program files (x86)\adawaretb\uninstall.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
    .
    .
    .
    --------------------- Locked Registry Keys ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-03-01 17:44:15
    ComboFix-quarantined-files.txt 2013-03-01 17:43
    .
    Before scan: 14 directory(ies), 72,747,720,704 bytes free
    After scan: 19 directory(ies), 73,160,982,528 bytes free
    .
    - - End Of File - - BEF6CA7482D65928A2F1EFB32DB55FB4

  6. #6 Malware Team: Emeritus (Join Date: Oct 2012, Posts: 246)

    Hi novfan

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      ntdll.dll
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -
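    The SystemLook run requested above (`:filefind` / `ntdll.dll`) lists every copy of the file on the machine with its size, date and hash, so the SysWOW64 copy that ComboFix reported as infected can be compared with the others. The PowerShell script below is an added example, not part of the original thread and not SystemLook's own code: it does the same inventory natively and goes one step further, checking whether each live copy in System32 / SysWOW64 has a byte-identical twin of the same version in WinSxS (on Windows 7 the live file is normally a hard link into the component store). It assumes a Windows 7 x64 machine like the one in the log, the stock PowerShell 2.0 and an elevated prompt; the function names Get-Sha256, Find-DllCopies and Find-SuspectCopies are mine. One caveat is built in: Windows 7 system binaries are catalog-signed, so Get-AuthenticodeSignature reports NotSigned even for clean files, and a file patched in place through the hard link also passes the twin check. Treat the output as triage and let `sfc /verifyonly` (or Sysinternals sigcheck, which consults the catalog) have the final word. Separately, the ComboFix log above shows EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, i.e. UAC is fully switched off on this machine; that is worth turning back on once the cleanup is finished.

```powershell
# Added example: not part of the original thread and not SystemLook's code.
# Lists every copy of a DLL (ntdll.dll by default) under the system drive with
# size, file version, SHA-256 and Authenticode status, then flags the live
# System32 / SysWOW64 copies whose (version, hash) has no twin in WinSxS.
# Written against the stock Windows 7 PowerShell 2.0 (no Get-FileHash, no
# -File switch); run from an elevated prompt. Function names are my own.

function Get-Sha256 {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Read the file once and hex-encode the digest without the '-' separators.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Find-DllCopies {
    param(
        [string]$Name = 'ntdll.dll',
        [string]$Root = "$env:SystemDrive\"   # whole drive, like SystemLook's :filefind
    )
    Get-ChildItem -Path $Root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # Caveat: Windows 7 system binaries are catalog-signed, so this reports
            # NotSigned for clean files too; it only proves something when it says Valid.
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = '(none)'
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            New-Object PSObject -Property @{
                Path      = $_.FullName
                Size      = $_.Length
                Modified  = $_.LastWriteTimeUtc
                Version   = $_.VersionInfo.FileVersion
                SigStatus = [string]$sig.Status
                Signer    = $signer
                Sha256    = Get-Sha256 -Path $_.FullName
            }
        }
}

function Find-SuspectCopies {
    param([string]$Name = 'ntdll.dll', [object[]]$Copies)
    if (-not $Copies) { $Copies = @(Find-DllCopies -Name $Name) }
    $winsxs = @($Copies | Where-Object { $_.Path -match '\\winsxs\\' })
    # Only the copies Windows actually loads: %windir%\System32 and %windir%\SysWOW64.
    $livePattern = '^' + [regex]::Escape($env:windir) + '\\(System32|SysWOW64)\\' + [regex]::Escape($Name) + '$'
    foreach ($c in ($Copies | Where-Object { $_.Path -match $livePattern })) {
        # On Windows 7 the live file is normally a hard link into WinSxS, so a
        # byte-identical twin with the same version should exist. A live copy with
        # no such twin has been replaced; a file patched in place through the link
        # fools this check, which is why sfc /verifyonly (or sigcheck) is the final word.
        $twin = @($winsxs | Where-Object { $_.Version -eq $c.Version -and $_.Sha256 -eq $c.Sha256 })
        $c | Add-Member -MemberType NoteProperty -Name HasWinSxSTwin -Value ($twin.Count -gt 0) -PassThru
    }
}

# Usage: scan once, print the full inventory (what SystemLook shows), then the
# live copies with the twin check. Scanning the whole drive takes a few minutes.
$all = @(Find-DllCopies)
$all | Sort-Object Version, Path | Format-Table Path, Size, Version, SigStatus, Sha256 -AutoSize
Find-SuspectCopies -Copies $all | Format-Table Path, Version, HasWinSxSTwin, SigStatus -AutoSize
```

    Read the second table first: a live copy with HasWinSxSTwin = False, or with a version string or size that none of the WinSxS copies share, is the one to send for analysis or to restore with sfc. Save the first table as well; it is the same information the SystemLook log carries, and keeping both makes it easy to confirm that the file the helper fixes is the one that was flagged.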
