|
Log analysis and evaluation: Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
29.12.2011, 11:38 | #1 |
| Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Hi everyone, I'm still a newbie here, so please be patient if I don't understand something right away. My problem: yesterday I noticed that Outlook 2007 is sending spam e-mails to my address book. I then stopped the sending for now. It doesn't need to get any worse. I then ran various programs. The logfiles are attached as a .zip. The system is Windows 7 Ultimate 64-bit SP1. On my own:
As per the forum:
As per this thread: http://www.trojaner-board.de/97040-a...tlook2007.html
I haven't really found anything bad myself, but I also don't have the expertise you do. Could you please take a look and check? If you have questions, ask. The file Programm_beenden.bat in autostart is my file. I'll delete the .zip file again as soon as this is done. Best regards and thanks for the help |
29.12.2011, 17:54 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Please run a full scan with Malwarebytes as a matter of routine and post the log.
__________________Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ |
30.12.2011, 01:53 | #3 |
| Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Hi Cosinus,
__________________thank you very much for your help. Attached is the logfile from Malwarebytes. Everything looks good, nothing found. Best regards, Dennis |
30.12.2011, 18:07 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past? If so, all logs for every scan are listed in the "Logdateien" (logfiles) tab. Please post all that are visible there.
__________________ Please always post logfiles in CODE tags |
31.12.2011, 09:41 | #5 |
| Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Hi Cosinus, no, I didn't know Malwarebytes at all before and have never run scans with it. Happy New Year |
31.12.2011, 15:46 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Please make a new OTL log. If possible, please post everything here in CODE tags. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) |
01.01.2012, 11:56 | #7 |
| Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Happy New Year to you, here is the logfile from OTL.
ATTFilter OTL logfile created on: 01.01.2012 10:27:56 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Norbert das Notebook\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,48% Memory free 15,00 Gb Paging File | 13,85 Gb Available in Paging File | 92,34% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,51 Gb Total Space | 35,28 Gb Free Space | 31,64% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 26,35 Gb Free Space | 52,69% Space Free | Partition Type: NTFS Drive E: | 20,02 Gb Total Space | 12,88 Gb Free Space | 64,35% Space Free | Partition Type: NTFS Drive F: | 40,04 Gb Total Space | 10,17 Gb Free Space | 25,41% Space Free | Partition Type: NTFS Drive L: | 3,76 Gb Total Space | 0,10 Gb Free Space | 2,61% Space Free | Partition Type: NTFS Computer Name: NORBERTDASNOTEB | User Name: Norbert das Notebook | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.28 17:45:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Norbert das Notebook\Desktop\OTL.exe PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2011.03.25 16:19:08 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.11.26 15:52:38 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe PRC - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV:64bit: - [2011.11.23 14:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV:64bit: - [2011.03.29 11:46:02 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\mcShoutCast\mcShoutCastECommerceService.exe -- (mcShoutCastECommerceService) SRV:64bit: - [2011.03.29 11:45:50 | 000,007,680 | ---- | M] (Sörnt Poppe) [Auto | Running] -- C:\Program Files\mcShoutCast\ShoutCastLauraFMService.exe -- (mcShoutCastLauraFM) SRV:64bit: - [2011.03.29 11:45:12 | 000,066,560 | ---- | M] (Sörnt Poppe) [Auto | Running] -- C:\Program Files\mcShoutCast\ShoutCastProxyService.exe -- (mcShoutCastProxy) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2000.01.01 01:00:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.04.09 20:08:49 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService) SRV - [2011.03.25 16:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.11.26 15:52:38 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) 
[Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2010.11.02 12:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2010.11.02 12:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2010.11.02 12:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe -- (AAV UpdateService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2011.12.08 05:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) 
DRV:64bit: - [2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011.11.11 19:17:36 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.08.17 13:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.08.17 13:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.08.17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.08.17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - 
[2011.08.17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.08.17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.08.13 12:40:10 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2011.08.13 12:40:10 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011.08.13 12:40:10 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011.08.13 12:40:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011.08.13 12:40:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2011.04.10 07:27:39 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2011.03.30 12:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 02:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 01:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.20 00:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.09 02:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2010.01.26 06:16:00 | 000,087,040 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk) DRV:64bit: - [2009.12.30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009.11.29 22:35:00 | 000,072,320 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SCLx64.sys -- (SCLx64) DRV:64bit: - [2009.10.21 23:46:04 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.03.13 10:05:10 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.08.03 04:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV:64bit: - [2000.01.01 01:00:00 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV - [2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011.11.23 14:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Norbert das Notebook\Downloads IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bits21.de/63_Home.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 
0F 81 AB EC 28 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.startup.homepage: "https://encrypted.google.com/webhp?hl=de" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011.11.04 21:33:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.23 18:54:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.04 21:33:06 | 000,000,000 | ---D | M] [2011.12.23 19:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Extensions [2011.12.23 19:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions 
[2011.11.30 12:43:08 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.11.30 12:43:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.12.02 21:28:06 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\https-everywhere@eff.org [2011.12.23 19:40:35 | 000,000,000 | ---D | M] ([verify-U]-Add-on) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de [2011.11.17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\szj9kw3a.default\searchplugins\askcom.xml [2011.11.30 11:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\NORBERT DAS NOTEBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SZJ9KW3A.DEFAULT\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI () (No name found) -- C:\USERS\NORBERT DAS NOTEBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SZJ9KW3A.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI () (No name found) -- C:\USERS\NORBERT DAS NOTEBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SZJ9KW3A.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI () (No name found) -- C:\USERS\NORBERT DAS NOTEBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SZJ9KW3A.DEFAULT\EXTENSIONS\GUICONFIG@SLOSD.NET.XPI () (No name found) -- C:\USERS\NORBERT DAS NOTEBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SZJ9KW3A.DEFAULT\EXTENSIONS\NOIA4OPTIONS@ARIST2.XPI [2011.12.23 18:54:32 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.23 18:54:29 | 000,001,392 | ---- 
| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.23 18:54:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.23 18:54:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.23 18:54:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.23 18:54:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.23 18:54:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.28 16:37:07 | 000,440,051 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15128 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [StartupDelayer] C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 studios) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - Startup: C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D99F00B5-8770-4A4A-AACA-1C54724BC71A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2012.01.01 10:15:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Norbert das Notebook\Desktop\OTL.exe
[2011.12.31 14:49:39 | 000,000,000 | ---D | C] -- C:\...Browser
[2011.12.31 12:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2011.12.31 12:09:06 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2011.12.31 12:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
[2011.12.31 11:51:55 | 000,000,000 | ---D | C] -- C:\Users\Norbert das Notebook\Desktop\Bilder vom Handy
[2011.12.31 11:45:30 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2011.12.31 11:45:30 | 000,098,616 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2011.12.29 18:12:57 | 000,000,000 | ---D | C] -- C:\Users\Norbert das Notebook\AppData\Roaming\Malwarebytes
[2011.12.29 18:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.28 18:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.12.22 18:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.12.17 15:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2011.12.16 22:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.12.16 22:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.16 22:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.12.13 09:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.12.04 22:23:57 | 000,138,872 | ---- | C] (SlySoft, Inc.) -- C:\Windows\SysWow64\drivers\AnyDVD.sys
[2011.12.04 22:23:57 | 000,138,872 | ---- | C] (SlySoft, Inc.) -- C:\Windows\SysNative\drivers\AnyDVD.sys
[2011.12.02 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011.04.10 07:27:39 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Norbert das Notebook\AppData\Roaming\pcouffin.sys
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Norbert das Notebook\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Norbert das Notebook\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Norbert das Notebook\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Norbert das Notebook\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========
[2012.01.01 10:26:31 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 10:26:31 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 10:18:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.01 10:18:08 | 2413,588,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.01 10:17:22 | 000,000,188 | ---- | M] () -- C:\Users\Norbert das Notebook\defogger_reenable
[2011.12.31 15:53:48 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.31 15:53:48 | 000,702,486 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.31 15:53:48 | 000,655,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.31 15:53:48 | 000,150,010 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.31 15:53:48 | 000,122,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.31 12:05:17 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\elbyExecuteWithUAC.job
[2011.12.31 11:39:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.12.31 11:34:30 | 001,603,578 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.29 19:00:00 | 000,092,160 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
[2011.12.28 17:45:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Norbert das Notebook\Desktop\OTL.exe
[2011.12.28 17:09:16 | 000,050,477 | ---- | M] () -- C:\Users\Norbert das Notebook\Desktop\Defogger.exe
[2011.12.28 16:37:07 | 000,440,051 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.28 11:28:58 | 000,002,032 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.12.24 12:16:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011.12.23 19:04:22 | 000,439,997 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111228-163707.backup
[2011.12.20 07:43:15 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.12.16 23:12:58 | 000,429,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.16 22:20:08 | 000,438,974 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111223-190422.backup
[2011.12.13 19:25:20 | 000,406,149 | ---- | M] () -- C:\Users\Norbert das Notebook\Desktop\Waschmachinentest.pdf
[2011.12.09 22:19:57 | 000,438,974 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111216-222008.backup
[2011.12.09 22:10:12 | 000,001,057 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2011.12.08 05:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2011.12.07 19:37:18 | 000,148,992 | ---- | M] ( ) -- C:\Windows\SysNative\lagarith.dll
[2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysWow64\drivers\AnyDVD.sys
[2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysNative\drivers\AnyDVD.sys
[2011.12.04 18:05:42 | 000,002,155 | ---- | M] () -- C:\Users\Norbert das Notebook\.recently-used.xbel
[2011.12.02 21:49:19 | 000,438,886 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111209-221957.backup

========== Files Created - No Company Name ==========
[2012.01.01 10:17:22 | 000,000,188 | ---- | C] () -- C:\Users\Norbert das Notebook\defogger_reenable
[2012.01.01 10:17:16 | 000,050,477 | ---- | C] () -- C:\Users\Norbert das Notebook\Desktop\Defogger.exe
[2011.12.31 12:09:06 | 000,203,264 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2011.12.31 12:09:05 | 000,092,160 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2011.12.24 12:16:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011.12.13 19:25:53 | 000,406,149 | ---- | C] () -- C:\Users\Norbert das Notebook\Desktop\Waschmachinentest.pdf
[2011.12.04 18:05:42 | 000,002,155 | ---- | C] () -- C:\Users\Norbert das Notebook\.recently-used.xbel
[2011.08.06 14:00:25 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.08.06 13:57:09 | 000,000,076 | RHS- | C] () -- C:\Windows\CT6STET.BIN
[2011.08.06 13:27:43 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2011.08.06 13:27:43 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2011.07.20 10:44:32 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2011.07.20 10:44:32 | 000,000,092 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011.07.10 07:24:17 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.07.10 07:19:14 | 000,000,412 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Roaming\All CPU Meter_Settings.ini
[2011.05.15 11:02:35 | 000,008,192 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.10 17:53:47 | 001,603,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.10 11:33:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.10 10:47:38 | 000,001,470 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\RecConfig.xml
[2011.04.10 07:58:50 | 000,002,032 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.04.10 07:37:33 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.04.10 07:28:39 | 000,000,668 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Roaming\vso_ts_preview.xml
[2011.04.10 07:27:39 | 000,099,384 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Roaming\inst.exe
[2011.04.10 07:27:39 | 000,007,859 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Roaming\pcouffin.cat
[2011.04.10 07:27:39 | 000,001,167 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Roaming\pcouffin.inf
[2011.04.10 07:00:34 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.04.10 07:00:34 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C1725C330F.sys
[2011.04.09 18:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\lame_enc.dll
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\no23xwrapper.dll

========== LOP Check ==========
[2011.12.22 20:12:23 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Ashampoo
[2011.04.25 17:09:21 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\ATViewer
[2011.12.03 11:14:23 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Canon
[2011.11.11 21:00:58 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 10:43:48 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Degener
[2012.01.01 10:18:59 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Dropbox
[2011.07.09 16:36:41 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DVDVideoSoft
[2011.07.03 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.09 11:29:34 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\GoodSync
[2011.12.04 18:05:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\gtk-2.0
[2011.04.21 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Jumping Bytes
[2011.08.06 14:02:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\MAGIX
[2011.12.28 08:27:32 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Mp3tag
[2011.07.22 07:52:08 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\MusicBrainz
[2011.05.01 07:13:08 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\NetDrive
[2011.08.13 13:29:09 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Nokia
[2011.10.20 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Origin
[2011.04.16 09:38:43 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\PC Suite
[2011.09.09 18:57:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\pdfforge
[2011.04.17 01:17:29 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\PersBackup5
[2011.04.10 07:57:46 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\r2 Studios
[2011.05.29 05:49:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung
[2011.05.01 07:31:39 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Scooter Software
[2011.07.09 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\TeamViewer
[2011.11.22 15:34:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Ubisoft
[2011.07.19 07:34:01 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Vso
[2011.12.31 12:05:17 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\elbyExecuteWithUAC.job
[2009.07.14 06:08:49 | 000,002,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.07.11 19:43:58 | 000,000,226 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job
[2011.09.30 17:40:09 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{096AF312-8FC6-44BF-92BF-CE111AF67655}.job
[2011.06.18 07:50:04 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{0993BFD3-6844-4CCE-978C-3761ADD0B58E}.job
[2011.09.03 06:42:04 | 000,000,628 | ---- | M] () -- C:\Windows\Tasks\{1D33F353-784C-44D5-A9A0-2323EC750121}.job
[2011.08.06 09:27:10 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\{23E5264E-94F3-4575-AA22-91F5822E4175}.job
[2011.09.18 12:17:14 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\{29ABF350-98FF-42FB-B6F5-09EFCF6E66BB}.job
[2011.10.14 10:44:33 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2F6AB046-E358-489E-ACC2-6AE56B7781F0}.job
[2011.08.27 13:28:41 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{5E90278D-2B9F-478A-B64A-9E259072B350}.job
[2011.09.18 12:21:20 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{9D0E06D3-C552-4855-8ECB-40B04963E012}.job
[2011.05.29 05:59:21 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{BC6E7F5F-006F-4E8F-AFE9-E0F75E545417}.job
[2011.04.21 22:04:59 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{C0D0A311-38AB-48A7-A92E-7BFB24A540C2}.job
[2011.06.18 07:51:03 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{CD3A5803-3BC5-43D3-B22D-4BBD59F0ACC7}.job
[2011.09.03 06:46:44 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{E6A15DB2-09B9-47EA-B1F3-B88CA9F237F0}.job
[2011.07.30 20:10:04 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{EE90ECB5-4EEA-4167-A87D-01098557302F}.job
[2011.08.06 09:29:05 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{F46FE655-8674-45CB-A0C1-D1F2BBF35F05}.job

========== Purity Check ==========

========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.04.10 08:12:54 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Adobe
[2011.10.28 19:53:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Apple Computer
[2011.12.22 20:12:23 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Ashampoo
[2011.04.09 20:17:37 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\ATI
[2011.04.25 17:09:21 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\ATViewer
[2011.12.03 11:14:23 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Canon
[2011.04.10 07:00:59 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Corel
[2011.11.11 21:00:58 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 10:43:48 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Degener
[2012.01.01 10:18:59 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Dropbox
[2011.07.09 16:36:41 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DVDVideoSoft
[2011.07.03 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.10 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\FastStone
[2011.05.09 11:29:34 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\GoodSync
[2011.12.04 18:05:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\gtk-2.0
[2011.04.09 18:52:10 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Identities
[2011.08.06 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\InstallShield
[2011.06.11 07:15:45 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Intel
[2011.04.21 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Jumping Bytes
[2011.04.09 20:39:57 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Macromedia
[2011.08.06 14:02:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\MAGIX
[2011.12.29 18:12:57 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Media Center Programs
[2011.07.22 08:07:47 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Media Player Classic
[2011.07.19 11:12:01 | 000,000,000 | --SD | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft
[2012.01.01 09:07:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Mozilla
[2011.12.28 08:27:32 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Mp3tag
[2011.07.22 07:52:08 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\MusicBrainz
[2011.05.01 07:13:08 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\NetDrive
[2011.08.13 13:29:09 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Nokia
[2011.10.20 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Origin
[2011.04.16 09:38:43 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\PC Suite
[2011.09.09 18:57:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\pdfforge
[2011.04.17 01:17:29 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\PersBackup5
[2011.04.10 07:57:46 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\r2 Studios
[2011.05.29 05:49:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung
[2011.05.01 07:31:39 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Scooter Software
[2011.12.22 22:37:11 | 000,000,000 
| ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Skype [2011.06.17 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\skypePM [2011.07.09 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\TeamViewer [2011.11.22 15:34:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Ubisoft [2011.07.19 07:34:01 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Vso [2011.04.09 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.07.19 07:34:01 | 000,099,384 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\inst.exe [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.12.05 20:17:50 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.11.11 06:19:49 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
-- C:\Users\Norbert das Notebook\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.04.10 07:22:17 | 000,003,262 | R--- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe [2011.04.10 07:22:17 | 000,010,134 | R--- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe [2011.08.06 13:27:51 | 000,010,134 | R--- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Installer\{B375D641-9644-E4F6-963C-8CB3097C9F02}\ARPPRODUCTICON.exe [2011.04.14 20:06:34 | 000,010,134 | R--- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.12.08 02:33:24 | 000,935,824 | ---- | M] (Samsung) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2011.12.08 02:33:28 | 000,278,928 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2011.11.29 08:44:38 | 000,292,864 | ---- | M] (Samsung) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe [2011.12.08 02:33:26 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2011.11.29 08:40:26 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe [2011.11.29 08:40:26 | 000,284,672 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2011.12.06 08:35:14 | 000,691,712 | ---- | M] (Mobileleader Co., Ltd.) 
-- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2011.11.29 08:40:26 | 000,110,080 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ErrorReport.exe [2011.12.08 02:33:30 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2011.12.06 08:35:10 | 000,106,408 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe [2011.12.06 08:35:10 | 000,101,288 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe [2011.12.08 02:33:34 | 000,131,984 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2011.12.08 02:33:34 | 000,021,392 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2011.12.08 02:33:36 | 003,569,984 | ---- | M] (Freeware) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2011.11.29 08:37:46 | 024,114,392 | ---- | M] (SAMSUNG Electronics Co., Ltd.) 
-- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2011.12.08 02:33:38 | 000,392,080 | ---- | M] (ml) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2011.12.27 15:21:22 | 000,371,088 | ---- | M] (ml) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < 
MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 04:27:28 
| 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 
000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:A18D1A5B < End of report > |
02.01.2012, 12:17 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Outlook 2007 sends spam e-mails to address book (Windows 7 64 Bit SP1) Do an OTL fix: close any programs that may be open, also deactivate virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Norbert das Notebook\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bits21.de/63_Home.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 0F 81 AB EC 28 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "https://encrypted.google.com/webhp?hl=de"
[2011.12.23 19:40:35 | 000,000,000 | ---D | M] ([verify-U]-Add-on) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de
[2011.11.17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\szj9kw3a.default\searchplugins\askcom.xml
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O4 - HKCU..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
[2011.09.30 17:40:09 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{096AF312-8FC6-44BF-92BF-CE111AF67655}.job
[2011.06.18 07:50:04 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{0993BFD3-6844-4CCE-978C-3761ADD0B58E}.job
[2011.09.03 06:42:04 | 000,000,628 | ---- | M] () -- C:\Windows\Tasks\{1D33F353-784C-44D5-A9A0-2323EC750121}.job
[2011.08.06 09:27:10 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\{23E5264E-94F3-4575-AA22-91F5822E4175}.job
[2011.09.18 12:17:14 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\{29ABF350-98FF-42FB-B6F5-09EFCF6E66BB}.job
[2011.10.14 10:44:33 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2F6AB046-E358-489E-ACC2-6AE56B7781F0}.job
[2011.08.27 13:28:41 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{5E90278D-2B9F-478A-B64A-9E259072B350}.job
[2011.09.18 12:21:20 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{9D0E06D3-C552-4855-8ECB-40B04963E012}.job
[2011.05.29 05:59:21 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{BC6E7F5F-006F-4E8F-AFE9-E0F75E545417}.job
[2011.04.21 22:04:59 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{C0D0A311-38AB-48A7-A92E-7BFB24A540C2}.job
[2011.06.18 07:51:03 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{CD3A5803-3BC5-43D3-B22D-4BBD59F0ACC7}.job
[2011.09.03 06:46:44 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{E6A15DB2-09B9-47EA-B1F3-B88CA9F237F0}.job
[2011.07.30 20:10:04 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{EE90ECB5-4EEA-4167-A87D-01098557302F}.job
[2011.08.06 09:29:05 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{F46FE655-8674-45CB-A0C1-D1F2BBF35F05}.job
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:A18D1A5B
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
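The fix script in the post above mixes several kinds of entries (registry values, browser settings, files, an alternate data stream, commands). The following is an added example, not part of the thread and not OTL's own code: a small Python parser that splits such a script into typed entries and lists the ones a reader would want to look at before running it. The line shapes are inferred only from the lines in this thread, the function names `parse_fix` and `review_notes` are hypothetical, and the sample is a subset of lines copied from the script above.

```python
import re

# Line shapes as they appear in the fix script in this thread (assumption:
# inferred from those lines only, not from any OTL documentation).
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [A-Z]\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
TAGGED_RE = re.compile(r"^(?P<tag>IE|FF|O\d+)(?P<x64>:64bit:)? - (?P<rest>.+)$")
GUID_JOB_RE = re.compile(
    r"\\Tasks\\\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\.job$"
)

# Subset of lines copied from the script posted above (sample input).
SAMPLE_FIX = r"""
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
FF - prefs.js..browser.search.order.1: "Ask.com"
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKCU..\Run: [] File not found
O33 - MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
[2011.09.30 17:40:09 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{096AF312-8FC6-44BF-92BF-CE111AF67655}.job
[2011.11.17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\szj9kw3a.default\searchplugins\askcom.xml
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:A18D1A5B
:Commands
[emptytemp]
[resethosts]
"""


def parse_fix(text):
    """Split a fix script into entries tagged with section and kind."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as :OTL or :Commands
            section = line[1:].lower()
            continue
        entry = {"section": section, "raw": line}
        if (m := FILE_RE.match(line)):
            entry.update(
                kind="file",
                path=m["path"],
                company=m["company"],
                size=int(m["size"].replace(",", "")),
                is_dir="D" in m["attrs"],
            )
        elif (m := ADS_RE.match(line)):
            entry.update(kind="ads", path=m["path"], stream=m["stream"],
                         size=int(m["size"]))
        elif (m := TAGGED_RE.match(line)):
            entry.update(kind="tagged", tag=m["tag"], x64=bool(m["x64"]),
                         rest=m["rest"])
        elif re.fullmatch(r"\[\w+\]", line):
            entry.update(kind="command", name=line[1:-1].lower())
        else:
            entry.update(kind="unknown")
        entries.append(entry)
    return entries


def review_notes(entries):
    """Return (reason, detail) pairs for entries worth a second look.

    These are review prompts, not verdicts about the files.
    """
    notes = []
    for e in entries:
        if e["kind"] == "file":
            if GUID_JOB_RE.search(e["path"]):
                notes.append(("guid-named scheduled task", e["path"]))
            elif not e["company"] and not e["is_dir"]:
                notes.append(("file without company name", e["path"]))
        elif e["kind"] == "ads":
            notes.append(("alternate data stream", f'{e["path"]}:{e["stream"]}'))
        elif e["kind"] == "tagged" and e["rest"].endswith("File not found"):
            notes.append(("orphaned entry", e["raw"]))
        elif e["kind"] == "unknown":
            notes.append(("unrecognised line", e["raw"]))
    return notes


if __name__ == "__main__":
    for reason, detail in review_notes(parse_fix(SAMPLE_FIX)):
        print(f"{reason:28} {detail}")
```
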
02.01.2012, 12:55 | #9 |
| Outlook 2007 sends spam e-mails to address book (Windows 7 64 Bit SP1) I ran your script; the log is attached. I don't really understand yet what it does, though. I have to trust blindly there. I could only deactivate the Avast virus scanner. After terminating the processes, they were always restarted right away. Had you actually found anything? Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Download Directory| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Google" removed from browser.search.defaultengine
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: true removed from browser.search.openintab
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "https://encrypted.google.com/webhp?hl=de" removed from browser.startup.homepage
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de\skin\img folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de\skin folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de\locale\de-DE folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de\locale folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de\content folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\szj9kw3a.default\searchplugins\askcom.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Programme\Java\jre7\bin\jp2ssv.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4552A56-119C-478E-AB3F-2C850F78B72E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4552A56-119C-478E-AB3F-2C850F78B72E}\ deleted successfully.
C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4552A56-119C-478E-AB3F-2C850F78B72E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4552A56-119C-478E-AB3F-2C850F78B72E}\ deleted successfully.
C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c054dc40-62e3-11e0-a501-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c054dc40-62e3-11e0-a501-806e6f6e6963}\ not found.
File H:\autorun.exe not found.
C:\Windows\Tasks\{096AF312-8FC6-44BF-92BF-CE111AF67655}.job moved successfully.
C:\Windows\Tasks\{0993BFD3-6844-4CCE-978C-3761ADD0B58E}.job moved successfully.
C:\Windows\Tasks\{1D33F353-784C-44D5-A9A0-2323EC750121}.job moved successfully.
C:\Windows\Tasks\{23E5264E-94F3-4575-AA22-91F5822E4175}.job moved successfully.
C:\Windows\Tasks\{29ABF350-98FF-42FB-B6F5-09EFCF6E66BB}.job moved successfully.
C:\Windows\Tasks\{2F6AB046-E358-489E-ACC2-6AE56B7781F0}.job moved successfully.
C:\Windows\Tasks\{5E90278D-2B9F-478A-B64A-9E259072B350}.job moved successfully.
C:\Windows\Tasks\{9D0E06D3-C552-4855-8ECB-40B04963E012}.job moved successfully.
C:\Windows\Tasks\{BC6E7F5F-006F-4E8F-AFE9-E0F75E545417}.job moved successfully.
C:\Windows\Tasks\{C0D0A311-38AB-48A7-A92E-7BFB24A540C2}.job moved successfully.
C:\Windows\Tasks\{CD3A5803-3BC5-43D3-B22D-4BBD59F0ACC7}.job moved successfully.
C:\Windows\Tasks\{E6A15DB2-09B9-47EA-B1F3-B88CA9F237F0}.job moved successfully.
C:\Windows\Tasks\{EE90ECB5-4EEA-4167-A87D-01098557302F}.job moved successfully.
C:\Windows\Tasks\{F46FE655-8674-45CB-A0C1-D1F2BBF35F05}.job moved successfully.
ADS C:\ProgramData\TEMP:A18D1A5B deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Norbert das Notebook
->Temp folder emptied: 417248 bytes
->Temporary Internet Files folder emptied: 9095167 bytes
->Java cache emptied: 897444 bytes
->FireFox cache emptied: 54214090 bytes
->Flash cache emptied: 56967 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23426319 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 748 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 84,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_124515
Files\Folders moved on Reboot...
C:\Users\Norbert das Notebook\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
02.01.2012, 14:13 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
02.01.2012, 14:36 | #11 |
| Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Here is the report as requested. It doesn't find anything either, though. Edit: In my opinion I don't need unhide; as far as I know I can access everything. Or should I run it anyway as a precaution? Code:
ATTFilter 14:21:10.0776 2180 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 14:21:10.0999 2180 ============================================================ 14:21:11.0000 2180 Current date / time: 2012/01/02 14:21:10.0999 14:21:11.0000 2180 SystemInfo: 14:21:11.0000 2180 14:21:11.0000 2180 OS Version: 6.1.7601 ServicePack: 1.0 14:21:11.0000 2180 Product type: Workstation 14:21:11.0000 2180 ComputerName: NORBERTDASNOTEB 14:21:11.0001 2180 UserName: Norbert das Notebook 14:21:11.0001 2180 Windows directory: C:\Windows 14:21:11.0001 2180 System windows directory: C:\Windows 14:21:11.0001 2180 Running under WOW64 14:21:11.0001 2180 Processor architecture: Intel x64 14:21:11.0001 2180 Number of processors: 2 14:21:11.0001 2180 Page size: 0x1000 14:21:11.0001 2180 Boot type: Normal boot 14:21:11.0001 2180 ============================================================ 14:21:11.0985 2180 Initialize success 14:23:40.0730 5524 ============================================================ 14:23:40.0730 5524 Scan started 14:23:40.0730 5524 Mode: Manual; SigCheck; TDLFS; 14:23:40.0730 5524 ============================================================ 14:23:41.0058 5524 1394ohci - ok 14:23:41.0074 5524 ACPI - ok 14:23:41.0074 5524 AcpiPmi - ok 14:23:41.0089 5524 adp94xx - ok 14:23:41.0105 5524 adpahci - ok 14:23:41.0105 5524 adpu320 - ok 14:23:41.0120 5524 AFD - ok 14:23:41.0136 5524 agp440 - ok 14:23:41.0136 5524 aliide - ok 14:23:41.0152 5524 amdide - ok 14:23:41.0167 5524 AmdK8 - ok 14:23:41.0167 5524 AmdPPM - ok 14:23:41.0183 5524 amdsata - ok 14:23:41.0183 5524 amdsbs - ok 14:23:41.0183 5524 amdxata - ok 14:23:41.0214 5524 androidusb - ok 14:23:41.0245 5524 AnyDVD - ok 14:23:41.0261 5524 ApfiltrService - ok 14:23:41.0276 5524 AppID - ok 14:23:41.0292 5524 arc - ok 14:23:41.0292 5524 arcsas - ok 14:23:41.0323 5524 aswFsBlk - ok 14:23:41.0323 5524 aswMonFlt - ok 14:23:41.0339 5524 aswRdr - ok 14:23:41.0339 5524 aswSnx - ok 14:23:41.0339 5524 aswSP - ok 14:23:41.0354 5524 
aswTdi - ok 14:23:41.0354 5524 AsyncMac - ok 14:23:41.0354 5524 atapi - ok 14:23:41.0370 5524 atikmdag - ok 14:23:41.0386 5524 b06bdrv - ok 14:23:41.0401 5524 b57nd60a - ok 14:23:41.0417 5524 Beep - ok 14:23:41.0448 5524 blbdrive - ok 14:23:41.0448 5524 bowser - ok 14:23:41.0464 5524 BrFiltLo - ok 14:23:41.0464 5524 BrFiltUp - ok 14:23:41.0464 5524 Brserid - ok 14:23:41.0479 5524 BrSerWdm - ok 14:23:41.0479 5524 BrUsbMdm - ok 14:23:41.0495 5524 BrUsbSer - ok 14:23:41.0510 5524 BthEnum - ok 14:23:41.0510 5524 BTHMODEM - ok 14:23:41.0526 5524 BthPan - ok 14:23:41.0542 5524 BTHPORT - ok 14:23:41.0557 5524 BTHUSB - ok 14:23:41.0573 5524 BTWAMPFL - ok 14:23:41.0573 5524 btwaudio - ok 14:23:41.0588 5524 btwavdt - ok 14:23:41.0604 5524 btwl2cap - ok 14:23:41.0604 5524 btwrchid - ok 14:23:41.0620 5524 cdfs - ok 14:23:41.0620 5524 cdrom - ok 14:23:41.0635 5524 circlass - ok 14:23:41.0635 5524 CLFS - ok 14:23:41.0666 5524 CmBatt - ok 14:23:41.0666 5524 cmdide - ok 14:23:41.0666 5524 CNG - ok 14:23:41.0682 5524 Compbatt - ok 14:23:41.0682 5524 CompositeBus - ok 14:23:41.0698 5524 crcdisk - ok 14:23:41.0713 5524 CSC - ok 14:23:41.0729 5524 DfsC - ok 14:23:41.0744 5524 dg_ssudbus - ok 14:23:41.0744 5524 discache - ok 14:23:41.0760 5524 Disk - ok 14:23:41.0776 5524 drmkaud - ok 14:23:41.0791 5524 dtsoftbus01 - ok 14:23:41.0807 5524 DXGKrnl - ok 14:23:41.0807 5524 ebdrv - ok 14:23:41.0838 5524 ElbyCDIO - ok 14:23:41.0854 5524 elxstor - ok 14:23:41.0869 5524 ErrDev - ok 14:23:41.0885 5524 exfat - ok 14:23:41.0885 5524 fastfat - ok 14:23:41.0900 5524 fdc - ok 14:23:41.0932 5524 FileInfo - ok 14:23:41.0932 5524 Filetrace - ok 14:23:41.0947 5524 flpydisk - ok 14:23:41.0963 5524 FltMgr - ok 14:23:41.0978 5524 FsDepends - ok 14:23:41.0978 5524 Fs_Rec - ok 14:23:41.0994 5524 fvevol - ok 14:23:41.0994 5524 gagp30kx - ok 14:23:42.0025 5524 hamachi - ok 14:23:42.0056 5524 hcw85cir - ok 14:23:42.0088 5524 HdAudAddService - ok 14:23:42.0103 5524 HDAudBus - ok 14:23:42.0103 5524 HidBatt - ok 
14:23:42.0103 5524 HidBth - ok 14:23:42.0119 5524 HidIr - ok 14:23:42.0134 5524 HidUsb - ok 14:23:42.0166 5524 HpSAMD - ok 14:23:42.0166 5524 HTTP - ok 14:23:42.0166 5524 hwpolicy - ok 14:23:42.0181 5524 i8042prt - ok 14:23:42.0181 5524 iaStorV - ok 14:23:42.0197 5524 iirsp - ok 14:23:42.0212 5524 IntcAzAudAddService - ok 14:23:42.0228 5524 intelide - ok 14:23:42.0275 5524 intelppm - ok 14:23:42.0290 5524 IpFilterDriver - ok 14:23:42.0306 5524 IPMIDRV - ok 14:23:42.0306 5524 IPNAT - ok 14:23:42.0322 5524 IRENUM - ok 14:23:42.0337 5524 isapnp - ok 14:23:42.0337 5524 iScsiPrt - ok 14:23:42.0368 5524 kbdclass - ok 14:23:42.0384 5524 kbdhid - ok 14:23:42.0400 5524 KSecDD - ok 14:23:42.0400 5524 KSecPkg - ok 14:23:42.0415 5524 ksthunk - ok 14:23:42.0462 5524 lltdio - ok 14:23:42.0493 5524 LSI_FC - ok 14:23:42.0493 5524 LSI_SAS - ok 14:23:42.0524 5524 LSI_SAS2 - ok 14:23:42.0540 5524 LSI_SCSI - ok 14:23:42.0602 5524 luafv - ok 14:23:42.0727 5524 megasas - ok 14:23:42.0743 5524 MegaSR - ok 14:23:42.0743 5524 Modem - ok 14:23:42.0758 5524 monitor - ok 14:23:42.0774 5524 mouclass - ok 14:23:42.0790 5524 mouhid - ok 14:23:42.0790 5524 mountmgr - ok 14:23:42.0790 5524 mpio - ok 14:23:42.0821 5524 mpsdrv - ok 14:23:42.0821 5524 MRxDAV - ok 14:23:42.0836 5524 mrxsmb - ok 14:23:42.0836 5524 mrxsmb10 - ok 14:23:42.0852 5524 mrxsmb20 - ok 14:23:42.0852 5524 msahci - ok 14:23:42.0852 5524 msdsm - ok 14:23:42.0883 5524 Msfs - ok 14:23:42.0883 5524 mshidkmdf - ok 14:23:42.0899 5524 msisadrv - ok 14:23:42.0914 5524 MSKSSRV - ok 14:23:42.0914 5524 MSPCLOCK - ok 14:23:42.0930 5524 MSPQM - ok 14:23:42.0930 5524 MsRPC - ok 14:23:42.0930 5524 mssmbios - ok 14:23:42.0946 5524 MSTEE - ok 14:23:42.0946 5524 MTConfig - ok 14:23:42.0961 5524 Mup - ok 14:23:43.0024 5524 NativeWifiP - ok 14:23:43.0024 5524 NDIS - ok 14:23:43.0039 5524 NdisCap - ok 14:23:43.0039 5524 NdisTapi - ok 14:23:43.0039 5524 Ndisuio - ok 14:23:43.0055 5524 NdisWan - ok 14:23:43.0055 5524 NDProxy - ok 14:23:43.0070 5524 
NetBIOS - ok 14:23:43.0070 5524 NetBT - ok 14:23:43.0102 5524 netw5v64 - ok 14:23:43.0117 5524 NETwNs64 - ok 14:23:43.0133 5524 nfrd960 - ok 14:23:43.0180 5524 nmwcd - ok 14:23:43.0195 5524 nmwcdc - ok 14:23:43.0226 5524 nmwcdnsucx64 - ok 14:23:43.0242 5524 nmwcdnsux64 - ok 14:23:43.0242 5524 Npfs - ok 14:23:43.0242 5524 nsiproxy - ok 14:23:43.0258 5524 Ntfs - ok 14:23:43.0258 5524 Null - ok 14:23:43.0273 5524 nvraid - ok 14:23:43.0273 5524 nvstor - ok 14:23:43.0289 5524 nv_agp - ok 14:23:43.0304 5524 ohci1394 - ok 14:23:43.0320 5524 Parport - ok 14:23:43.0320 5524 partmgr - ok 14:23:43.0336 5524 pccsmcfd - ok 14:23:43.0336 5524 pci - ok 14:23:43.0336 5524 pciide - ok 14:23:43.0351 5524 pcmcia - ok 14:23:43.0351 5524 pcouffin - ok 14:23:43.0351 5524 pcw - ok 14:23:43.0367 5524 PEAUTH - ok 14:23:43.0398 5524 PptpMiniport - ok 14:23:43.0414 5524 Processor - ok 14:23:43.0429 5524 Psched - ok 14:23:43.0445 5524 ql2300 - ok 14:23:43.0445 5524 ql40xx - ok 14:23:43.0460 5524 QWAVEdrv - ok 14:23:43.0460 5524 RasAcd - ok 14:23:43.0460 5524 RasAgileVpn - ok 14:23:43.0476 5524 Rasl2tp - ok 14:23:43.0476 5524 RasPppoe - ok 14:23:43.0492 5524 RasSstp - ok 14:23:43.0492 5524 rdbss - ok 14:23:43.0492 5524 rdpbus - ok 14:23:43.0507 5524 RDPCDD - ok 14:23:43.0507 5524 RDPDR - ok 14:23:43.0523 5524 RDPENCDD - ok 14:23:43.0523 5524 RDPREFMP - ok 14:23:43.0538 5524 RdpVideoMiniport - ok 14:23:43.0554 5524 RDPWD - ok 14:23:43.0570 5524 rdyboost - ok 14:23:43.0570 5524 regi - ok 14:23:43.0616 5524 Revoflt - ok 14:23:43.0632 5524 RFCOMM - ok 14:23:43.0632 5524 rimsptsk - ok 14:23:43.0648 5524 rspndr - ok 14:23:43.0663 5524 RTHDMIAzAudService - ok 14:23:43.0663 5524 s3cap - ok 14:23:43.0679 5524 SbieDrv - ok 14:23:43.0679 5524 sbp2port - ok 14:23:43.0694 5524 scfilter - ok 14:23:43.0726 5524 SCLx64 - ok 14:23:43.0819 5524 sdbus - ok 14:23:43.0819 5524 secdrv - ok 14:23:43.0835 5524 Serenum - ok 14:23:43.0850 5524 Serial - ok 14:23:43.0850 5524 sermouse - ok 14:23:43.0928 5524 SFEP - ok 
14:23:43.0944 5524 sffdisk - ok 14:23:43.0944 5524 sffp_mmc - ok 14:23:43.0944 5524 sffp_sd - ok 14:23:43.0960 5524 sfloppy - ok 14:23:43.0975 5524 SiSRaid2 - ok 14:23:43.0975 5524 SiSRaid4 - ok 14:23:43.0991 5524 Smb - ok 14:23:44.0006 5524 spldr - ok 14:23:44.0022 5524 sptd - ok 14:23:44.0022 5524 srv - ok 14:23:44.0038 5524 srv2 - ok 14:23:44.0038 5524 SrvHsfHDA - ok 14:23:44.0053 5524 SrvHsfV92 - ok 14:23:44.0053 5524 SrvHsfWinac - ok 14:23:44.0053 5524 srvnet - ok 14:23:44.0069 5524 ssadbus - ok 14:23:44.0084 5524 ssadmdfl - ok 14:23:44.0100 5524 ssadmdm - ok 14:23:44.0116 5524 ssudmdm - ok 14:23:44.0131 5524 stexstor - ok 14:23:44.0147 5524 storflt - ok 14:23:44.0147 5524 storvsc - ok 14:23:44.0162 5524 swenum - ok 14:23:44.0162 5524 Synth3dVsc - ok 14:23:44.0178 5524 Tcpip - ok 14:23:44.0194 5524 TCPIP6 - ok 14:23:44.0209 5524 tcpipreg - ok 14:23:44.0209 5524 TDPIPE - ok 14:23:44.0209 5524 TDTCP - ok 14:23:44.0240 5524 tdx - ok 14:23:44.0256 5524 teamviewervpn - ok 14:23:44.0256 5524 TermDD - ok 14:23:44.0287 5524 tssecsrv - ok 14:23:44.0287 5524 TsUsbFlt - ok 14:23:44.0303 5524 tsusbhub - ok 14:23:44.0318 5524 tunnel - ok 14:23:44.0318 5524 uagp35 - ok 14:23:44.0318 5524 udfs - ok 14:23:44.0365 5524 uliagpkx - ok 14:23:44.0381 5524 umbus - ok 14:23:44.0381 5524 UmPass - ok 14:23:44.0428 5524 UnlockerDriver5 - ok 14:23:44.0443 5524 upperdev - ok 14:23:44.0474 5524 usbaudio - ok 14:23:44.0474 5524 usbccgp - ok 14:23:44.0490 5524 usbcir - ok 14:23:44.0490 5524 usbehci - ok 14:23:44.0506 5524 usbhub - ok 14:23:44.0506 5524 usbohci - ok 14:23:44.0506 5524 usbprint - ok 14:23:44.0537 5524 usbser - ok 14:23:44.0537 5524 UsbserFilt - ok 14:23:44.0537 5524 USBSTOR - ok 14:23:44.0552 5524 usbuhci - ok 14:23:44.0552 5524 usbvideo - ok 14:23:44.0568 5524 vdrvroot - ok 14:23:44.0584 5524 vga - ok 14:23:44.0584 5524 VgaSave - ok 14:23:44.0584 5524 VGPU - ok 14:23:44.0599 5524 vhdmp - ok 14:23:44.0599 5524 viaide - ok 14:23:44.0599 5524 vmbus - ok 14:23:44.0615 5524 
VMBusHID - ok 14:23:44.0615 5524 volmgr - ok 14:23:44.0646 5524 volmgrx - ok 14:23:44.0646 5524 volsnap - ok 14:23:44.0646 5524 vpcbus - ok 14:23:44.0662 5524 vpcnfltr - ok 14:23:44.0662 5524 vpcusb - ok 14:23:44.0677 5524 vpcvmm - ok 14:23:44.0677 5524 vsmraid - ok 14:23:44.0693 5524 vwifibus - ok 14:23:44.0708 5524 VWiFiFlt - ok 14:23:44.0724 5524 vwifimp - ok 14:23:44.0740 5524 WacomPen - ok 14:23:44.0740 5524 WANARP - ok 14:23:44.0755 5524 Wanarpv6 - ok 14:23:44.0771 5524 Wd - ok 14:23:44.0786 5524 Wdf01000 - ok 14:23:44.0802 5524 WfpLwf - ok 14:23:44.0818 5524 WIMMount - ok 14:23:44.0864 5524 WinUsb - ok 14:23:44.0880 5524 WmiAcpi - ok 14:23:44.0911 5524 ws2ifsl - ok 14:23:44.0927 5524 WudfPf - ok 14:23:44.0927 5524 WUDFRd - ok 14:23:44.0958 5524 yukonw7 - ok 14:23:44.0989 5524 [verify-U]_System - ok 14:23:45.0083 5524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 14:23:45.0254 5524 \Device\Harddisk0\DR0 - ok 14:23:45.0254 5524 ============================================================ 14:23:45.0254 5524 Scan finished 14:23:45.0254 5524 ============================================================ 14:23:45.0270 0924 Detected object count: 0 14:23:45.0270 0924 Actual detected object count: 0 |
02.01.2012, 14:37 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
02.01.2012, 15:17 | #13 |
| Outlook 2007 sends spam e-mails to address book (Windows 7 64-bit SP1) No sooner said than done. Code:
ATTFilter ComboFix 12-01-02.01 - Norbert das Notebook 02.01.2012 14:57:16.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3069.1997 [GMT 1:00] ausgeführt von:: c:\users\Norbert das Notebook\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Norbert das Notebook\AppData\Local\lame_enc.dll c:\users\Norbert das Notebook\AppData\Local\no23xwrapper.dll c:\users\Norbert das Notebook\AppData\Local\ogg.dll c:\users\Norbert das Notebook\AppData\Local\vorbis.dll c:\users\Norbert das Notebook\AppData\Local\vorbisenc.dll c:\users\Norbert das Notebook\AppData\Local\vorbisfile.dll c:\users\Norbert das Notebook\AppData\Roaming\inst.exe c:\users\Norbert das Notebook\AppData\Roaming\vso_ts_preview.xml c:\windows\system32\java.exe c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\system32 c:\windows\SysWow64\system32\3DAudio.ax c:\windows\SysWow64\system32\avrt.dll c:\windows\SysWow64\system32\cis-2.4.dll c:\windows\SysWow64\system32\issacapi_bs-2.3.dll c:\windows\SysWow64\system32\issacapi_pe-2.3.dll c:\windows\SysWow64\system32\issacapi_se-2.3.dll c:\windows\SysWow64\system32\MACXMLProto.dll c:\windows\SysWow64\system32\MaDRM.dll c:\windows\SysWow64\system32\MaJGUILib.dll c:\windows\SysWow64\system32\MAMACExtract.dll c:\windows\SysWow64\system32\MASetupCleaner.exe c:\windows\SysWow64\system32\MaXMLProto.dll c:\windows\SysWow64\system32\mfplat.dll c:\windows\SysWow64\system32\MK_Lyric.dll c:\windows\SysWow64\system32\MSCLib.dll c:\windows\SysWow64\system32\MSFLib.dll c:\windows\SysWow64\system32\MSLUR71.dll c:\windows\SysWow64\system32\msvcp60.dll c:\windows\SysWow64\system32\MTTELECHIP.dll 
c:\windows\SysWow64\system32\MTXSYNCICON.dll c:\windows\SysWow64\system32\muzaf1.dll c:\windows\SysWow64\system32\muzapp.dll c:\windows\SysWow64\system32\muzapp.exe c:\windows\SysWow64\system32\muzdecode.ax c:\windows\SysWow64\system32\muzeffect.ax c:\windows\SysWow64\system32\muzmp4sp.ax c:\windows\SysWow64\system32\muzmpgsp.ax c:\windows\SysWow64\system32\muzoggsp.ax c:\windows\SysWow64\system32\muzwmts.dll c:\windows\SysWow64\system32\psapi.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-02 bis 2012-01-02 )))))))))))))))))))))))))))))) . . 2012-01-02 14:04 . 2012-01-02 14:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-02 11:45 . 2012-01-02 11:45 -------- d-----w- C:\_OTL 2011-12-31 13:49 . 2011-12-31 13:53 -------- d-----w- C:\...Browser 2011-12-31 11:11 . 2011-12-31 11:11 -------- d-----w- c:\programdata\SUPERSetup 2011-12-31 11:09 . 2011-12-07 18:37 148992 ----a-w- c:\windows\system32\lagarith.dll 2011-12-31 11:09 . 2011-03-02 11:43 203264 ----a-w- c:\windows\system32\unrar.dll 2011-12-31 11:09 . 2011-12-29 18:00 92160 ----a-w- c:\windows\system32\ff_vfw.dll 2011-12-31 11:09 . 2011-12-31 11:09 -------- d-----w- c:\program files\K-Lite Codec Pack x64 2011-12-31 10:45 . 2011-12-08 04:22 98616 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2011-12-31 10:45 . 2011-12-08 04:22 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2011-12-29 17:12 . 2011-12-29 17:12 -------- d-----w- c:\users\Norbert das Notebook\AppData\Roaming\Malwarebytes 2011-12-29 17:12 . 2011-12-29 17:12 -------- d-----w- c:\programdata\Malwarebytes 2011-12-28 17:10 . 2011-12-28 17:10 -------- d-----w- c:\program files (x86)\Trend Micro 2011-12-23 17:54 . 2011-12-23 17:54 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll 2011-12-23 17:54 . 2011-12-23 17:54 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll 2011-12-23 17:54 . 2011-12-23 17:54 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll 2011-12-23 17:54 . 
2011-12-23 17:54 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll 2011-12-22 17:56 . 2011-12-22 17:56 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2011-12-17 14:45 . 2011-12-17 14:45 -------- d-----w- c:\program files\Tracker Software 2011-12-16 21:57 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-16 21:57 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll 2011-12-16 21:57 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-12-16 21:57 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-12-16 21:57 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-16 21:57 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-12-16 21:35 . 2011-12-16 21:35 750488 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-16 21:35 . 2011-12-16 21:35 -------- d-----w- c:\program files\Java 2011-12-16 21:35 . 2011-12-16 21:35 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-12-16 21:34 . 2011-12-16 21:34 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2011-12-16 21:34 . 2011-12-16 21:34 -------- d-----w- c:\program files (x86)\Java 2011-12-13 08:35 . 2011-12-13 08:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2011-12-04 21:23 . 2011-12-04 21:23 138872 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys 2011-12-04 21:23 . 2011-12-04 21:23 138872 ----a-w- c:\windows\system32\drivers\AnyDVD.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-20 06:43 . 2011-04-10 06:00 2828 --sha-w- c:\programdata\KGyGaAvL.sys 2011-12-16 21:35 . 2011-04-09 20:15 660368 ----a-w- c:\windows\system32\deployJava1.dll 2011-12-16 21:34 . 2011-04-09 20:14 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-11-28 18:01 . 2011-04-09 19:25 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 18:01 . 
2011-04-09 19:25 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-11-28 18:01 . 2011-04-09 19:26 256960 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-28 17:54 . 2011-04-09 19:26 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53 . 2011-04-09 19:26 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-28 17:52 . 2011-04-09 19:26 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-28 17:52 . 2011-04-09 19:26 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-28 17:52 . 2011-04-09 19:26 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-11-28 17:51 . 2011-04-09 19:26 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-11 18:17 . 2011-11-11 18:17 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-11-11 18:14 . 2011-04-09 19:55 530488 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-11-11 05:19 . 2011-10-07 05:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-12-30 5598840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] "StartupDelayer"="c:\program files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208] . c:\users\Norbert das Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AutoStart.lnk - c:\programdata\Microsoft\Windows\Start Menu\Programs\Systemprogramme\Sonstiges\Programm_Beenden.bat [2011-7-10 439] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe [2008-10-24 128296] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480] R2 mcShoutCastECommerceService;mcShoutCastECommerceService;c:\program files\mcShoutCast\mcShoutCastECommerceService.exe [2011-03-29 8192] R2 mcShoutCastLauraFM;mcShoutCastLauraFM;c:\program files\mcShoutCast\ShoutCastLauraFMService.exe [2011-03-29 7680] R2 mcShoutCastProxy;mcShoutCastProxy;c:\program files\mcShoutCast\ShoutCastProxyService.exe [2011-03-29 66560] R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files 
(x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x] R3 SCLx64;SCL010 Contactless Reader;c:\windows\system32\DRIVERS\SCLx64.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 regi;regi;c:\windows\system32\drivers\regi.sys 
[x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-04-09 189984] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x] S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 19059951 *Deregistered* - 19059951 . Inhalt des "geplante Tasks" Ordners . 2011-12-31 c:\windows\Tasks\elbyExecuteWithUAC.job - c:\program files (x86)\SlySoft\AnyDVD\ExecuteWithUAC.exe [2008-06-27 19:26] . 2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8d54e0ef6e7d.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 14:44] . 2011-07-11 c:\windows\Tasks\SidebarExecute.job - c:\program files\Windows Sidebar\sidebar.exe [2011-04-09 03:25] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2009-03-13 152576] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = mLocal Page = IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Norbert das Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\szj9kw3a.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-tulox - c:\program files (x86)\tulox\Unwise32 . . "ImagePath"="system32\drivers\ [verify-U]-driver.sys" . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\[verify-U]_System] "ImagePath"="system32\drivers\ . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-01-02 15:09:31 ComboFix-quarantined-files.txt 2012-01-02 14:09 . Vor Suchlauf: 15 Verzeichnis(se), 36.672.520.192 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 36.499.148.800 Bytes frei . - - End Of File - - 3FA933B8A3812978EE2100C73814DB7F |
02.01.2012, 15:32 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Outlook 2007 sends spam e-mails to address book (Windows 7 64 Bit SP1) Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post log files in CODE tags |
02.01.2012, 16:59 | #15 |
| Outlook 2007 sends spam e-mails to address book (Windows 7 64 Bit SP1) Here is the log from aswMBR. It was run as a quick scan; I hope that's fine. Code:
ATTFilter
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-02 16:54:16
-----------------------------
16:54:16.093 OS Version: Windows x64 6.1.7601 Service Pack 1
16:54:16.093 Number of processors: 2 586 0xF0D
16:54:16.095 ComputerName: NORBERTDASNOTEB UserName:
16:54:16.450 Initialize success
16:54:16.513 AVAST engine defs: 12010200
16:55:26.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:55:26.718 Disk 0 Vendor: FUJITSU_MHZ2250BH_G2 00000009 Size: 238475MB BusType: 11
16:55:26.718 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
16:55:26.733 Disk 1 Vendor: ( Size: 3854MB BusType: 12
16:55:26.733 Disk 2 \Device\Harddisk2\DR1 -> \Device\00000074
16:55:26.733 Disk 2 Vendor: RICOH 02 Size: 3854MB BusType: 0
16:55:26.765 Disk 0 MBR read successfully
16:55:26.765 Disk 0 MBR scan
16:55:26.765 Disk 0 Windows 7 default MBR code
16:55:26.765 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
16:55:26.780 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 11485 MB offset 2048
16:55:26.796 Disk 0 Partition 3 80 (A) 42 SFS NTFS 100 MB offset 23523328
16:55:26.811 Disk 0 Partition 4 00 42 SFS NTFS 114188 MB offset 23728128
16:55:26.827 Service scanning
16:55:28.699 Modules scanning
16:55:28.699 Disk 0 trace - called modules:
16:55:28.699 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:55:28.715 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033f4400]
16:55:28.715 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002f72260]
16:55:29.105 AVAST engine scan C:\Windows
16:55:29.105 AVAST engine scan C:\Windows\system32
16:55:29.120 AVAST engine scan C:\Windows\system32\drivers
16:55:29.120 AVAST engine scan C:\Users\Norbert das Notebook
16:55:29.136 AVAST engine scan C:\ProgramData
16:55:29.136 Scan finished successfully
16:55:47.138 Disk 0 MBR has been saved successfully to "C:\Users\Norbert das Notebook\Desktop\MBR.dat"
16:55:47.138 The log file has been saved successfully to "C:\Users\Norbert das Notebook\Desktop\aswMBR.txt" |