Virus aus Russland

RanaXT · 02.09.2011, 09:23

Hallo,

also ich habe mir vor kurzem (keine ahnung wie) einen Virus eingefangen. Ich hatte meinen Pc laufen und als ich wieder kam war auf einmal eine komische Datei auf dem Desktop. In der Detailbeschreibung war eine (ich glaube) Papierfabrik in Russland als Ursprung genannt und der Name etc. war auf russisch.

Ich habe also die Datei gelöscht. Darauf sind aber nacheinander immer wieder Windows Fenster aufgegangen, in denen ich aufgefordert wurde eine Installation zuzulassen -> natürlich abgelehnt. Weil das aber nicht aufhörte habe ich den Laptop ausgeschaltet und wieder hochgefahren. Das problem mit den Fenstern war nun weg, aber der Virus hat mein System trotzdem infiziert und legt es total lahm, das heißt der mein Pc läuft nurnoch verdammt langsam...

Habe daraufhin versucht mit verschiedenen Virenprogrammen was zu finden bzw. es zu lösen aber keine Chance.

Hier noch ein Bild das 2 der neuangelegten Systemstartprogramme zeigt.
Eslaufen auch einige rundll32.exe meh als sonst.

Ich hoffe ich habe alles richtig gemacht und Ihr könnt damit was anfangen und mir helfen...

Vielen dank schon mal im Voraus!

Swisstreasure · 02.09.2011, 09:46

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: [TWebCamera] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [{221117D1-1E1D-B216-55C2-9C982CB53E98}] File not found
O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\Michael\kbloadCF.dll (Корпорация Майкрософт;)
O4 - HKCU..\Run: [Uvixalosacevez] File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g3OnlineTimer.lnk = File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll (Корпорация Майкрософт;)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = File not found
O33 - MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\Shell - "" = AutoRun
O33 - MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\Shell - "" = AutoRun
O33 - MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\Shell - "" = AutoRun
O33 - MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\Shell - "" = AutoRun
O33 - MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\Shell\AutoRun\command - "" = D:\Autorun.exe
MsConfig:64bit - StartUpReg: Uvixalosacevez - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NvCplDaemonTool - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
:Commands
[purity]
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

RanaXT · 02.09.2011, 10:52

OTL Logfile:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TWebCamera deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{221117D1-1E1D-B216-55C2-9C982CB53E98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{221117D1-1E1D-B216-55C2-9C982CB53E98}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemonTool deleted successfully.
C:\Users\Michael\kbloadCF.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uvixalosacevez deleted successfully.
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g3OnlineTimer.lnk moved successfully.
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll moved successfully.
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ not found.
File G:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8db3a56c-8205-11df-a935-0024d2c8c695}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8db3a56c-8205-11df-a935-0024d2c8c695}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Uvixalosacevez\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemonTool\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 8068207 bytes
->Temporary Internet Files folder emptied: 4332146797 bytes
->Java cache emptied: 11800 bytes
->FireFox cache emptied: 76769173 bytes
->Flash cache emptied: 656 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 932940363 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 333 bytes
 
Total Files Cleaned = 5.102,00 mb
 
 
OTL by OldTimer - Version 3.2.27.0 log created on 09022011_113136

Files\Folders moved on Reboot...
File\Folder C:\Users\Michael\AppData\Local\Temp\Low\~DF7116.tmp not found!
File\Folder C:\Users\Michael\AppData\Local\Temp\Low\~DF8A56.tmp not found!
C:\Users\Michael\AppData\Local\Temp\Low\~DFBB61.tmp moved successfully.
File\Folder C:\Users\Michael\AppData\Local\Temp\Low\~DFD8DE.tmp not found!
File\Folder C:\Windows\temp\mcafee_3c1cEgUWFB35Boj not found!
File\Folder C:\Windows\temp\mcafee_S7MOwkWWuLUfhZG not found!
File\Folder C:\Windows\temp\mcmsc_bemWE91M9wlQeAd not found!
File\Folder C:\Windows\temp\mcmsc_wSUHtfcsAiPIrhd not found!
File\Folder C:\Windows\temp\mcmsc_YINnpWaMMA8Flni not found!
File\Folder C:\Windows\temp\sqlite_5fhrOdOGfCDLOfz not found!
File\Folder C:\Windows\temp\sqlite_cJwwA1SgdOsMiMZ not found!
File\Folder C:\Windows\temp\sqlite_Sa4c1Hj6BiyLwWt not found!
File\Folder C:\Windows\temp\sqlite_Tq028hkiBF2a34P not found!

Registry entries deleted on Reboot...

Malwarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7635

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

02.09.2011 11:52:11
mbam-log-2011-09-02 (11-52-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 178774
Laufzeit: 3 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Michael\kbloadCF.dll (Trojan.Agent.WIMP) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Michael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanjdiskb96.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Michael\kbloadCF.dll (Trojan.Agent.WIMP) -> Quarantined and deleted successfully.

Swisstreasure · 02.09.2011, 15:13

Schritt 1

Wie läufts?

Schritt 2

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

RanaXT · 02.09.2011, 16:33

Naja alles noch immer beim Alten soweit ich das feststellen kann.

habe das Ergebnis als zib angehängt.

wobei OTL die Datei Extras nicht selbst aufgemacht hat. Ich weis ja nicht ob das was bedeutet

Kann man schon sagen was das für eine Art von Virus ist, bzw. was es macht?

Swisstreasure · 02.09.2011, 16:34

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

RanaXT · 02.09.2011, 18:19

Jetzt ist es gerade so das ich einige Programme nur mit rechtsklick -> als Administrator ausführen öffnen kann. (z.B. I-explorer)

Hier mal die Logfile von Gmer:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-02 19:08:29
Windows 6.0.6002 Service Pack 2 
Running: rkojfyxl.exe


---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                    
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                 0
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0x63 0x6B 0x45 0x86 ...
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 1
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x29 0x4D 0x79 0xC1 ...
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x5D 0x31 0xB2 0x01 ...
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xF5 0xD4 0xFA 0xD7 ...
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     0
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x63 0x6B 0x45 0x86 ...
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     1
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x29 0x4D 0x79 0xC1 ...
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x5D 0x31 0xB2 0x01 ...
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xF5 0xD4 0xFA 0xD7 ...

---- Files - GMER 1.0.15 ----

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci          0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir         0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid         0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci          0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir         0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid         0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.ci          0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.dir         0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid         0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.ci          0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.dir         0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid         0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.ci          0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.dir         0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid         0 bytes

---- EOF - GMER 1.0.15 ----

Swisstreasure · 02.09.2011, 22:47

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

RanaXT · 03.09.2011, 16:37

Konnte heute leider nicht früher...

hier das Ergebnis:

Code:

ATTFilter

ComboFix 11-09-02.04 - Michael 03.09.2011  17:12:49.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.6108.4182 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-03 bis 2011-09-03  ))))))))))))))))))))))))))))))
.
.
2011-09-03 15:25 . 2011-09-03 15:28	--------	d-----w-	c:\users\Michael\AppData\Local\temp
2011-09-03 15:25 . 2011-09-03 15:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-02 09:41 . 2011-09-02 09:41	--------	d-----w-	c:\users\Michael\AppData\Roaming\Malwarebytes
2011-09-02 09:40 . 2011-07-06 17:52	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 09:40 . 2011-09-02 09:40	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-02 09:40 . 2011-07-06 17:52	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-02 09:40 . 2011-09-02 09:41	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 09:31 . 2011-09-02 09:31	--------	d-----w-	C:\_OTL
2011-09-02 05:25 . 2011-09-02 05:25	--------	d-----w-	C:\ProcAlyzer Dumps
2011-09-01 08:00 . 2011-09-01 07:07	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-09-01 07:07 . 2011-09-01 07:07	55384	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-09-01 07:03 . 2011-09-02 07:37	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-09-01 07:00 . 2011-08-18 13:25	69376	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-09-01 07:00 . 2011-09-01 07:00	--------	d-----w-	c:\program files (x86)\Lavasoft
2011-09-01 07:00 . 2011-09-01 07:00	--------	d-----w-	c:\programdata\Lavasoft
2011-08-28 17:18 . 2011-09-01 08:00	--------	d-----w-	c:\users\Michael\AppData\Roaming\Lufec
2011-08-28 09:29 . 2011-08-28 09:29	--------	dc-h--w-	c:\programdata\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}
2011-08-28 09:27 . 2011-08-28 09:27	--------	d-----w-	c:\program files (x86)\Common Files\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27	--------	dc-h--w-	c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}
2011-08-28 09:27 . 2011-08-28 09:27	--------	d-----w-	c:\program files\Common Files\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27	--------	dc-h--w-	c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-08-28 09:27 . 2011-08-28 09:27	--------	d-----w-	c:\programdata\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27	--------	d-----w-	c:\program files\Native Instruments
2011-08-24 15:32 . 2011-07-11 13:45	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-24 15:32 . 2011-07-11 13:25	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-08-23 12:07 . 2011-08-23 12:07	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-14 19:32 . 2011-08-24 18:35	16856	----a-w-	c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-08-14 19:32 . 2011-08-24 18:35	719832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-08-10 20:36 . 2011-06-06 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 20:36 . 2011-06-06 10:59	2409784	----a-w-	c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-10 20:36 . 2011-06-17 16:16	451072	----a-w-	c:\windows\system32\winsrv.dll
2011-08-10 20:36 . 2011-07-06 15:49	275456	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:36 . 2011-06-17 20:14	1427344	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-10 20:36 . 2011-06-20 08:45	4699536	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 07:57 . 2011-08-02 07:57	0	---ha-w-	c:\users\Michael\AppData\Local\BIT9937.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
"NvCplDaemonTool"="c:\users\Michael\kbloadCF.dll" [2011-04-12 824320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-06-05 136600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2008-11-26 701752]
"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]
"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
scandisk.lnk - c:\windows\system32\rundll32.exe [2006-11-2 46592]
scanjdiskb96.dll [2011-4-12 824320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-3-19 2532680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 cpuz130;cpuz130;c:\users\Michael\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-01 2151640]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 BBDemon;Backbone Service;c:\program files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [2007-05-04 36864]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-15 803696]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-12 117248]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-16 20544]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-06 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-24 242176]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]
.
2011-03-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]
.
2011-03-31 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1716008]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3v3a52fx.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files (x86)\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-03  17:35:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-03 15:35
.
Vor Suchlauf: 13 Verzeichnis(se), 15.030.579.200 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 14.764.945.408 Bytes frei
.
- - End Of File - - E01066A4C82EC431D325F80E1155020B

Swisstreasure · 04.09.2011, 08:06

Melde mich am Abend wieder. Bin bei der Arbeit.

Swisstreasure · 04.09.2011, 17:45

Schritt 1

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemonTool"=-
File::
c:\users\Michael\kbloadCF.dll
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt 2

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista-User mit Rechtsklick und als Administrator starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:filefind
*scandisk*
:regfind
*sandisk*
:content
*scandisk*
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

RanaXT · 05.09.2011, 11:18

Dauert jetzt leider auch bei mir manchmal länger da ich auch arbeiten muss...

Hier die Files:

Code:

ATTFilter

ComboFix 11-09-04.03 - Michael 05.09.2011  11:17:32.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.6108.4334 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Michael\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
FILE ::
"c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk"
"c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll"
"c:\users\Michael\kbloadCF.dll"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll
c:\users\Michael\kbloadCF.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-05 bis 2011-09-05  ))))))))))))))))))))))))))))))
.
.
2011-09-05 09:28 . 2011-09-05 10:03	--------	d-----w-	c:\users\Michael\AppData\Local\temp
2011-09-05 09:28 . 2011-09-05 09:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-02 09:41 . 2011-09-02 09:41	--------	d-----w-	c:\users\Michael\AppData\Roaming\Malwarebytes
2011-09-02 09:40 . 2011-07-06 17:52	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 09:40 . 2011-09-02 09:40	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-02 09:40 . 2011-07-06 17:52	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-02 09:40 . 2011-09-02 09:41	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 09:31 . 2011-09-02 09:31	--------	d-----w-	C:\_OTL
2011-09-02 05:25 . 2011-09-02 05:25	--------	d-----w-	C:\ProcAlyzer Dumps
2011-09-01 08:00 . 2011-09-01 07:07	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-09-01 07:07 . 2011-09-01 07:07	55384	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-09-01 07:03 . 2011-09-02 07:37	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-09-01 07:00 . 2011-08-18 13:25	69376	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-09-01 07:00 . 2011-09-01 07:00	--------	d-----w-	c:\program files (x86)\Lavasoft
2011-09-01 07:00 . 2011-09-01 07:00	--------	d-----w-	c:\programdata\Lavasoft
2011-08-28 17:18 . 2011-09-01 08:00	--------	d-----w-	c:\users\Michael\AppData\Roaming\Lufec
2011-08-28 09:29 . 2011-08-28 09:29	--------	dc-h--w-	c:\programdata\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}
2011-08-28 09:27 . 2011-08-28 09:27	--------	d-----w-	c:\program files (x86)\Common Files\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27	--------	dc-h--w-	c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}
2011-08-28 09:27 . 2011-08-28 09:27	--------	d-----w-	c:\program files\Common Files\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27	--------	dc-h--w-	c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-08-28 09:27 . 2011-08-28 09:27	--------	d-----w-	c:\programdata\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27	--------	d-----w-	c:\program files\Native Instruments
2011-08-24 15:32 . 2011-07-11 13:45	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-24 15:32 . 2011-07-11 13:25	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-08-23 12:07 . 2011-08-23 12:07	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-14 19:32 . 2011-08-24 18:35	16856	----a-w-	c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-08-14 19:32 . 2011-08-24 18:35	719832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-08-10 20:36 . 2011-06-06 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 20:36 . 2011-06-06 10:59	2409784	----a-w-	c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-10 20:36 . 2011-06-17 16:16	451072	----a-w-	c:\windows\system32\winsrv.dll
2011-08-10 20:36 . 2011-07-06 15:49	275456	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:36 . 2011-06-17 20:14	1427344	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-10 20:36 . 2011-06-20 08:45	4699536	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 07:57 . 2011-08-02 07:57	0	---ha-w-	c:\users\Michael\AppData\Local\BIT9937.tmp
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-09-03_15.27.54   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-09-03 12:36	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-09-05 08:47	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-09-03 12:36	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-05 08:47	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-05 08:47	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-09-03 12:36	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-09-05 08:44	76714              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-09-06 09:12 . 2011-09-05 08:44	19482              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2670276443-3452161126-3766956368-1000_UserData.bin
- 2009-09-05 09:47 . 2011-09-03 15:27	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-05 09:47 . 2011-09-05 10:03	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-05 09:47 . 2011-09-05 10:03	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-05 09:47 . 2011-09-03 15:27	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-05 09:47 . 2011-09-05 10:03	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-05 09:47 . 2011-09-03 15:27	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-03 15:27 . 2011-09-03 15:27	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-05 09:30 . 2011-09-05 09:30	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-05 09:30 . 2011-09-05 09:30	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-03 15:27 . 2011-09-03 15:27	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-05 10:20 . 2011-09-04 10:21	602906              c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:45 . 2011-09-05 08:44	128404              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2011-09-03 15:08	595996              c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-05 09:36	595996              c:\windows\system32\perfh009.dat
- 2008-01-21 11:09 . 2011-09-03 15:08	628742              c:\windows\system32\perfh007.dat
+ 2008-01-21 11:09 . 2011-09-05 09:36	628742              c:\windows\system32\perfh007.dat
+ 2006-11-02 12:46 . 2011-09-05 09:36	104070              c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-09-03 15:08	104070              c:\windows\system32\perfc009.dat
- 2008-01-21 11:09 . 2011-09-03 15:08	126454              c:\windows\system32\perfc007.dat
+ 2008-01-21 11:09 . 2011-09-05 09:36	126454              c:\windows\system32\perfc007.dat
- 2010-06-21 20:16 . 2011-09-03 15:26	314576              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-21 20:16 . 2011-09-05 09:29	314576              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-09-05 09:23 . 2011-09-05 09:29	2079256              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-09-05 09:23 . 2011-09-03 15:26	2079256              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-06-21 20:16 . 2011-09-03 15:26	1592444              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-8192.dat
+ 2010-06-21 20:16 . 2011-09-05 09:29	1592444              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-8192.dat
- 2011-08-23 21:29 . 2011-09-03 15:26	1988832              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-12288.dat
+ 2011-08-23 21:29 . 2011-09-05 09:29	1988832              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-12288.dat
+ 2011-05-10 21:24 . 2011-09-05 09:29	29671948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-4096.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-06-05 136600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2008-11-26 701752]
"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]
"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-3-19 2532680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0004421315213822mcinstcleanup;McAfee Application Installer Cleanup (0004421315213822);c:\windows\TEMP\000442~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 cpuz130;cpuz130;c:\users\Michael\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-01 2151640]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 BBDemon;Backbone Service;c:\program files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [2007-05-04 36864]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-15 803696]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-12 117248]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-16 20544]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-06 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-24 242176]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]
.
2011-03-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]
.
2011-03-31 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1716008]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1128448]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3v3a52fx.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-05  12:07:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-05 10:07
ComboFix2.txt  2011-09-03 15:35
.
Vor Suchlauf: 16 Verzeichnis(se), 14.395.842.560 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 14.227.410.944 Bytes frei
.
- - End Of File - - 16EB90936F9B95E85646BC0C999A585F

Look:

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 12:15 on 05/09/2011 by Michael
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*scandisk*"
C:\Qoobox\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk.vir	--a---- 901 bytes	[10:11 04/09/2011]	[09:08 05/09/2011] EE98638E7379438B9613E500882A0CF8
C:\Windows\pss\scandisk.lnk.Startup	------- 901 bytes	[05:28 01/09/2011]	[15:04 02/09/2011] EE98638E7379438B9613E500882A0CF8

========== regfind ==========

Searching for "*sandisk*"
No data found.

Invalid Context: content

No Context: *scandisk*

No Context:          

-= EOF =-

Swisstreasure · 05.09.2011, 22:23

Schritt 1

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

RanaXT · 06.09.2011, 14:31

Ich bekomme nur eine logfile keine xtras
achja und ich muss aufteilen weil tb hängt sich sonst immer auf:

Code:

ATTFilter

OTL logfile created on: 06.09.2011 14:41:11 - Run 3
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Michael\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 4,38 Gb Available Physical Memory | 73,47% Memory free
12,12 Gb Paging File | 10,29 Gb Available in Paging File | 84,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 13,22 Gb Free Space | 7,10% Space Free | Partition Type: NTFS
Drive E: | 184,84 Gb Total Space | 171,18 Gb Free Space | 92,61% Space Free | Partition Type: NTFS
 
Computer Name: LT | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.02 09:44:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
PRC - [2011.08.23 14:07:42 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.03.17 10:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009.07.10 03:26:42 | 000,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
PRC - [2009.07.10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
PRC - [2009.07.10 00:26:20 | 000,645,328 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee.com\agent\mcagent.exe
PRC - [2009.07.08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
PRC - [2009.07.08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
PRC - [2009.07.07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
PRC - [2009.05.12 22:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009.04.16 18:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009.03.30 16:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009.03.19 19:57:32 | 002,532,680 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009.03.10 18:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009.03.06 17:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009.02.03 15:07:50 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2009.01.26 13:58:42 | 000,700,416 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009.01.13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
PRC - [2009.01.07 11:23:32 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008.11.26 19:26:48 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TRCMan\TRCMan.exe
PRC - [2008.07.24 11:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.03.30 18:08:06 | 001,034,784 | ---- | M] () -- C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.04.24 11:40:26 | 000,242,176 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009.04.21 22:07:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.04.15 17:08:20 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009.03.17 11:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.03.06 18:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008.09.15 14:35:20 | 000,564,536 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2007.11.21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2011.09.01 09:07:03 | 002,151,640 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.08.18 20:23:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011.02.16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.10 03:26:42 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009.07.10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009.07.08 15:15:04 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009.07.08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009.07.08 13:37:28 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009.07.08 13:11:52 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - [2009.07.08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)
SRV - [2009.07.07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009.04.16 18:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009.04.01 18:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.03.30 16:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.17 14:37:10 | 000,189,808 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.03.12 17:50:12 | 000,117,248 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009.03.06 17:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.02.11 13:05:16 | 000,242,424 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.05.04 15:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Disabled | Stopped] -- C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.04.04 19:30:00 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.07.30 15:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.07.30 15:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.07.30 15:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.07.30 15:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.11.09 14:15:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.07.16 12:32:26 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009.07.08 13:44:14 | 000,307,400 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.07.08 13:44:14 | 000,102,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.07.08 13:44:14 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.07.08 13:37:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.24 14:29:40 | 000,206,336 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.04.21 23:30:46 | 005,356,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.04.08 16:36:40 | 000,138,592 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.03.25 17:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.03.23 17:28:30 | 000,056,320 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.03.23 16:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.03.20 16:37:40 | 000,266,288 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.03.19 14:07:46 | 000,052,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009.03.18 11:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009.03.12 11:33:06 | 000,020,992 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.03.05 11:03:34 | 000,088,576 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.03.03 15:34:54 | 000,045,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009.02.19 16:20:18 | 000,076,160 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.01.27 19:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008.12.30 12:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008.11.17 07:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008.11.11 18:30:12 | 000,189,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008.10.28 12:27:52 | 000,027,136 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcVad.sys -- (arcvad_ds2dhw)
DRV:64bit: - [2008.10.06 17:56:58 | 000,173,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.08.13 11:30:06 | 000,669,696 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dvb7700all.sys -- (mod7700)
DRV:64bit: - [2008.04.29 01:56:00 | 000,014,336 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2008.04.25 09:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys -- (enecirhidma)
DRV:64bit: - [2008.04.25 07:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008.03.25 13:54:26 | 000,049,152 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosporte.sys -- (tosporte)
DRV:64bit: - [2008.01.21 04:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007.12.11 14:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007.11.09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007.09.04 10:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV:64bit: - [2006.10.23 16:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006.09.18 23:38:10 | 001,074,688 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV - [2008.05.07 11:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.03.24 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.09.01 07:26:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.24 20:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.24 20:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.03.24 20:18:33 | 000,000,000 | ---D | M]
 
[2009.09.15 13:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2011.09.04 11:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions
[2009.09.15 13:50:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.20 15:48:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.09.15 13:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.01 07:26:25 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011.08.14 21:32:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.14 21:32:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.14 21:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.14 21:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.14 21:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.05 12:03:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30CF765A-FD14-477F-B8CC-DCCE3264146C}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75AA1371-8315-4730-955B-7135AE381425}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02BBD11-BCAB-4C99-A96B-03702D52DEB5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

RanaXT · 06.09.2011, 14:32

Teil 2:

Code:

ATTFilter

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scandisk.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig:64bit - StartUpReg: ITSecMng - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: NokiaPCInternetAccess - hkey= - key= - C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe (Nokia)
MsConfig:64bit - StartUpReg: NvCplDaemonTool - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: TPCHWMsg - hkey= - key= - C:\Programme\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Uvixalosacevez - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WrtMon.exe - hkey= - key= - C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.05 12:07:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp
[2011.09.05 12:03:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.09.05 11:06:08 | 004,194,092 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011.09.03 17:10:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.09.03 17:10:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.09.03 17:10:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.09.03 17:10:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.09.03 17:08:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.02 11:41:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2011.09.02 11:40:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.09.02 11:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.02 11:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.02 11:40:54 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.02 11:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.02 11:31:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.09.02 09:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.09.02 07:25:55 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011.09.01 09:07:32 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.09.01 09:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.09.01 09:00:58 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.09.01 09:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.09.01 09:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.09.01 09:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.08.28 19:18:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Lufec
[2011.08.28 11:30:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Native Instruments
[2011.08.28 11:29:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}
[2011.08.28 11:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2011.08.28 11:27:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}
[2011.08.28 11:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011.08.28 11:27:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.06 13:46:59 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.06 13:46:59 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.06 13:46:59 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.06 13:46:59 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.06 13:46:59 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.06 13:41:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job
[2011.09.06 13:41:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 13:41:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 13:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.06 13:41:29 | 2110,648,319 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.05 19:22:22 | 000,042,335 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011.09.05 12:14:42 | 000,139,264 | ---- | M] () -- C:\Users\Michael\Desktop\SystemLook.exe
[2011.09.05 12:03:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.09.05 11:06:20 | 004,194,092 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011.09.02 17:39:26 | 000,302,592 | ---- | M] () -- C:\Users\Michael\Desktop\rkojfyxl.exe
[2011.09.02 11:40:59 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 09:57:28 | 000,672,398 | ---- | M] () -- C:\Users\Michael\Neue Bitmap.bmp
[2011.09.02 09:36:33 | 000,000,020 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2011.09.02 09:36:16 | 000,050,477 | ---- | M] () -- C:\Users\Michael\Desktop\Defogger.exe
[2011.09.02 09:31:42 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.09.01 09:07:31 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.09.01 09:07:28 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011.09.01 09:01:00 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.08.28 11:29:06 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2011.08.28 11:27:41 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011.08.28 11:27:18 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
[2011.08.20 19:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job
[2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.05 12:14:42 | 000,139,264 | ---- | C] () -- C:\Users\Michael\Desktop\SystemLook.exe
[2011.09.03 17:10:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.09.03 17:10:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.09.03 17:10:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.09.03 17:10:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.09.03 17:10:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.02 17:39:24 | 000,302,592 | ---- | C] () -- C:\Users\Michael\Desktop\rkojfyxl.exe
[2011.09.02 11:40:59 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 09:54:33 | 000,672,398 | ---- | C] () -- C:\Users\Michael\Neue Bitmap.bmp
[2011.09.02 09:36:33 | 000,000,020 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2011.09.02 09:36:11 | 000,050,477 | ---- | C] () -- C:\Users\Michael\Desktop\Defogger.exe
[2011.09.02 09:30:36 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.09.01 10:00:11 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011.09.01 09:01:00 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.08.28 11:29:06 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2011.08.28 11:27:41 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011.08.28 11:27:18 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2010.09.20 20:17:14 | 000,000,680 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2010.06.10 10:58:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.04.29 00:10:41 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.04.12 18:10:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.07 15:58:09 | 000,088,872 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.09.22 21:12:53 | 000,024,226 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\UserTile.png
[2009.09.17 08:27:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009.09.15 14:06:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.15 14:05:30 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.15 14:04:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.15 13:48:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.15 13:35:41 | 000,113,664 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.05 11:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.09.05 11:09:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.06.05 09:12:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.09.02 02:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2010.03.15 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAEMON Tools Lite
[2011.04.04 19:31:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAEMON Tools Pro
[2009.11.09 14:28:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DassaultSystemes
[2011.07.20 15:49:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2011.07.20 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.01 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Lufec
[2009.11.17 23:05:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\myphotobook
[2011.03.13 22:30:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2011.03.13 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia Ovi Suite
[2011.03.13 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite
[2009.09.22 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PeerNetworking
[2010.05.12 17:34:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TOSHIBA
[2010.12.15 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TrafficMonitor
[2011.06.09 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client
[2011.01.03 11:52:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Web Page Maker
[2011.03.15 01:59:59 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.04.01 01:33:33 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011.09.05 19:22:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.09.05 12:03:15 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2009.06.05 11:19:58 | 000,000,000 | ---D | M] -- C:\1033
[2009.09.17 09:21:46 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.05 11:47:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.02.16 17:59:11 | 000,000,000 | ---D | M] -- C:\Games
[2009.06.05 10:22:13 | 000,000,000 | ---D | M] -- C:\Intel
[2009.06.05 11:20:05 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.09.02 07:25:55 | 000,000,000 | ---D | M] -- C:\ProcAlyzer Dumps
[2011.08.28 11:27:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.09.02 19:10:30 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.09.03 17:25:14 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.09.05 11:47:02 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.05 12:07:42 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.09.06 14:43:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.09.05 11:58:35 | 000,000,000 | ---D | M] -- C:\Toshiba
[2009.11.20 10:19:51 | 000,000,000 | R--D | M] -- C:\Users
[2011.09.06 13:43:01 | 000,000,000 | ---D | M] -- C:\Windows
[2009.06.05 11:18:08 | 000,000,000 | ---D | M] -- C:\Works
[2011.09.02 11:31:36 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >

04.09.2011, 08:06	#10
Swisstreasure /// Malwareteam	Virus aus Russland Melde mich am Abend wieder. Bin bei der Arbeit.

Virus aus Russland

Plagegeister aller Art und deren Bekämpfung: Virus aus Russland