Vielen Dank, das hier ist der OTL-Log nach dem Fix:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0540005F-107E-4C4D-B1CD-64DE04847137}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0540005F-107E-4C4D-B1CD-64DE04847137}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E4A5BD3-2D23-461A-98CD-FC106A31775C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E4A5BD3-2D23-461A-98CD-FC106A31775C}\ not found.
HKU\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
C:\Program Files (x86)\kikin\ie_kikin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FixCamera deleted successfully.
C:\Windows\FixCamera.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Allgemein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ not found.
File C:\Program Files (x86)\kikin\ie_kikin.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06e9706d-2611-11e0-95e9-0026b9124de7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e9706d-2611-11e0-95e9-0026b9124de7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06e9706d-2611-11e0-95e9-0026b9124de7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e9706d-2611-11e0-95e9-0026b9124de7}\ not found.
File G:\setup.exe not found.
C:\Users\Allgemein\AppData\Roaming\kikin folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Allgemein
->Temp folder emptied: 50826508 bytes
->Temporary Internet Files folder emptied: 8286410 bytes
->Java cache emptied: 36444676 bytes
->FireFox cache emptied: 111633541 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 21596 bytes
 
User: Christian
->Temp folder emptied: 37411317 bytes
->Temporary Internet Files folder emptied: 4394696 bytes
->Java cache emptied: 46423599 bytes
->FireFox cache emptied: 50731571 bytes
->Google Chrome cache emptied: 332116326 bytes
->Flash cache emptied: 11350825 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 540066 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 658,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.1 log created on 03082012_202606

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Wieso hast du den Command [resethosts] rausgenommen

Habe ich nicht (wissentlich). Kann ich den auch isoliert noch einmal laufen lassen? Also in das Feld nur die Zeile [resthosts] ?
Edit: Also zumindest steht in dem Log "HOSTS file reset successfully".. also hat der Hosts doch resettet?
An deinem Skript habe ich definitiv nichts verändert.

Ups sry vergiss es, du hast drin gehabt, ich habs nur übersehen blind wie ich bin

Zitat:

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Code: Alles auswählenAufklappen

ATTFilter

20:48:25.0949 5980	TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
20:48:26.0170 5980	============================================================
20:48:26.0171 5980	Current date / time: 2012/03/08 20:48:26.0170
20:48:26.0171 5980	SystemInfo:
20:48:26.0171 5980	
20:48:26.0171 5980	OS Version: 6.1.7601 ServicePack: 1.0
20:48:26.0171 5980	Product type: Workstation
20:48:26.0171 5980	ComputerName: CHRISTIAN
20:48:26.0171 5980	UserName: Christian
20:48:26.0171 5980	Windows directory: C:\Windows
20:48:26.0171 5980	System windows directory: C:\Windows
20:48:26.0171 5980	Running under WOW64
20:48:26.0171 5980	Processor architecture: Intel x64
20:48:26.0171 5980	Number of processors: 2
20:48:26.0171 5980	Page size: 0x1000
20:48:26.0171 5980	Boot type: Normal boot
20:48:26.0171 5980	============================================================
20:48:27.0483 5980	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:27.0490 5980	\Device\Harddisk0\DR0:
20:48:27.0490 5980	MBR used
20:48:27.0490 5980	Initialize success
20:48:27.0490 5980	============================================================
20:59:40.0527 5604	============================================================
20:59:40.0527 5604	Scan started
20:59:40.0527 5604	Mode: Manual; SigCheck; TDLFS; 
20:59:40.0527 5604	============================================================
20:59:40.0620 5604	1394ohci - ok
20:59:40.0636 5604	ACPI - ok
20:59:40.0636 5604	AcpiPmi - ok
20:59:40.0667 5604	acsock - ok
20:59:40.0683 5604	adp94xx - ok
20:59:40.0698 5604	adpahci - ok
20:59:40.0698 5604	adpu320 - ok
20:59:40.0729 5604	AFD - ok
20:59:40.0729 5604	agp440 - ok
20:59:40.0745 5604	aliide - ok
20:59:40.0761 5604	amdide - ok
20:59:40.0761 5604	AmdK8 - ok
20:59:40.0776 5604	AmdPPM - ok
20:59:40.0776 5604	amdsata - ok
20:59:40.0792 5604	amdsbs - ok
20:59:40.0792 5604	amdxata - ok
20:59:40.0839 5604	AppID - ok
20:59:40.0854 5604	arc - ok
20:59:40.0854 5604	arcsas - ok
20:59:40.0885 5604	AsyncMac - ok
20:59:40.0885 5604	atapi - ok
20:59:40.0901 5604	AtiHdmiService - ok
20:59:40.0901 5604	atikmdag - ok
20:59:40.0932 5604	avgntflt - ok
20:59:40.0948 5604	avipbb - ok
20:59:40.0979 5604	avkmgr - ok
20:59:40.0995 5604	b06bdrv - ok
20:59:40.0995 5604	b57nd60a - ok
20:59:41.0026 5604	BCM42RLY - ok
20:59:41.0026 5604	BCM43XX - ok
20:59:41.0041 5604	BDA_Capture_225 - ok
20:59:41.0041 5604	BDA_Loader_225 - ok
20:59:41.0057 5604	Beep - ok
20:59:41.0088 5604	blbdrive - ok
20:59:41.0104 5604	bowser - ok
20:59:41.0119 5604	BrFiltLo - ok
20:59:41.0119 5604	BrFiltUp - ok
20:59:41.0135 5604	Brserid - ok
20:59:41.0135 5604	BrSerWdm - ok
20:59:41.0151 5604	BrUsbMdm - ok
20:59:41.0151 5604	BrUsbSer - ok
20:59:41.0166 5604	BTHMODEM - ok
20:59:41.0182 5604	cdfs - ok
20:59:41.0182 5604	cdrom - ok
20:59:41.0197 5604	circlass - ok
20:59:41.0197 5604	CLFS - ok
20:59:41.0229 5604	CmBatt - ok
20:59:41.0229 5604	cmdide - ok
20:59:41.0244 5604	CNG - ok
20:59:41.0244 5604	Compbatt - ok
20:59:41.0260 5604	CompositeBus - ok
20:59:41.0275 5604	crcdisk - ok
20:59:41.0275 5604	CtClsFlt - ok
20:59:41.0291 5604	CVirtA - ok
20:59:41.0307 5604	CVPNDRVA - ok
20:59:41.0322 5604	DfsC - ok
20:59:41.0338 5604	discache - ok
20:59:41.0338 5604	Disk - ok
20:59:41.0369 5604	DNE - ok
20:59:41.0385 5604	drmkaud - ok
20:59:41.0400 5604	DXGKrnl - ok
20:59:41.0416 5604	ebdrv - ok
20:59:41.0431 5604	elxstor - ok
20:59:41.0431 5604	ErrDev - ok
20:59:41.0447 5604	exfat - ok
20:59:41.0463 5604	fastfat - ok
20:59:41.0463 5604	fdc - ok
20:59:41.0478 5604	FileInfo - ok
20:59:41.0494 5604	Filetrace - ok
20:59:41.0494 5604	flpydisk - ok
20:59:41.0509 5604	FltMgr - ok
20:59:41.0525 5604	FsDepends - ok
20:59:41.0525 5604	Fs_Rec - ok
20:59:41.0556 5604	fvevol - ok
20:59:41.0556 5604	gagp30kx - ok
20:59:41.0572 5604	GEARAspiWDM - ok
20:59:41.0603 5604	hcw85cir - ok
20:59:41.0619 5604	HDAudBus - ok
20:59:41.0634 5604	HidBatt - ok
20:59:41.0650 5604	HidBth - ok
20:59:41.0650 5604	HidIr - ok
20:59:41.0681 5604	HidUsb - ok
20:59:41.0712 5604	HpSAMD - ok
20:59:41.0712 5604	HTCAND64 - ok
20:59:41.0728 5604	htcnprot - ok
20:59:41.0728 5604	HTTP - ok
20:59:41.0728 5604	hwpolicy - ok
20:59:41.0743 5604	i8042prt - ok
20:59:41.0743 5604	iaStorV - ok
20:59:41.0759 5604	iirsp - ok
20:59:41.0775 5604	intelide - ok
20:59:41.0775 5604	intelppm - ok
20:59:41.0790 5604	IpFilterDriver - ok
20:59:41.0806 5604	IPMIDRV - ok
20:59:41.0806 5604	IPNAT - ok
20:59:41.0837 5604	IRENUM - ok
20:59:41.0837 5604	isapnp - ok
20:59:41.0853 5604	iScsiPrt - ok
20:59:41.0853 5604	k57nd60a - ok
20:59:41.0868 5604	kbdclass - ok
20:59:41.0868 5604	kbdhid - ok
20:59:41.0884 5604	KSecDD - ok
20:59:41.0884 5604	KSecPkg - ok
20:59:41.0884 5604	ksthunk - ok
20:59:41.0915 5604	lltdio - ok
20:59:41.0931 5604	LSI_FC - ok
20:59:41.0931 5604	LSI_SAS - ok
20:59:41.0946 5604	LSI_SAS2 - ok
20:59:41.0946 5604	LSI_SCSI - ok
20:59:41.0962 5604	luafv - ok
20:59:41.0962 5604	ManyCam - ok
20:59:41.0977 5604	MBAMProtector - ok
20:59:41.0993 5604	megasas - ok
20:59:42.0009 5604	MegaSR - ok
20:59:42.0024 5604	Modem - ok
20:59:42.0024 5604	monitor - ok
20:59:42.0040 5604	mouclass - ok
20:59:42.0040 5604	mouhid - ok
20:59:42.0055 5604	mountmgr - ok
20:59:42.0055 5604	mpio - ok
20:59:42.0071 5604	mpsdrv - ok
20:59:42.0071 5604	MRxDAV - ok
20:59:42.0087 5604	mrxsmb - ok
20:59:42.0087 5604	mrxsmb10 - ok
20:59:42.0102 5604	mrxsmb20 - ok
20:59:42.0102 5604	msahci - ok
20:59:42.0118 5604	msdsm - ok
20:59:42.0133 5604	Msfs - ok
20:59:42.0133 5604	mshidkmdf - ok
20:59:42.0149 5604	msisadrv - ok
20:59:42.0165 5604	MSKSSRV - ok
20:59:42.0165 5604	MSPCLOCK - ok
20:59:42.0180 5604	MSPQM - ok
20:59:42.0180 5604	MsRPC - ok
20:59:42.0196 5604	mssmbios - ok
20:59:42.0196 5604	MSTEE - ok
20:59:42.0211 5604	MTConfig - ok
20:59:42.0211 5604	Mup - ok
20:59:42.0227 5604	NativeWifiP - ok
20:59:42.0227 5604	NDIS - ok
20:59:42.0243 5604	NdisCap - ok
20:59:42.0243 5604	NdisTapi - ok
20:59:42.0258 5604	Ndisuio - ok
20:59:42.0258 5604	NdisWan - ok
20:59:42.0274 5604	NDProxy - ok
20:59:42.0274 5604	NetBIOS - ok
20:59:42.0289 5604	NetBT - ok
20:59:42.0336 5604	nfrd960 - ok
20:59:42.0352 5604	Npfs - ok
20:59:42.0367 5604	nsiproxy - ok
20:59:42.0383 5604	Ntfs - ok
20:59:42.0383 5604	Null - ok
20:59:42.0399 5604	nvraid - ok
20:59:42.0399 5604	nvstor - ok
20:59:42.0414 5604	nv_agp - ok
20:59:42.0430 5604	ohci1394 - ok
20:59:42.0461 5604	Parport - ok
20:59:42.0461 5604	partmgr - ok
20:59:42.0477 5604	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
20:59:42.0492 5604	pci - ok
20:59:42.0492 5604	pciide - ok
20:59:42.0508 5604	pcmcia - ok
20:59:42.0508 5604	pcw - ok
20:59:42.0508 5604	PEAUTH - ok
20:59:42.0555 5604	PptpMiniport - ok
20:59:42.0570 5604	Processor - ok
20:59:42.0586 5604	Psched - ok
20:59:42.0586 5604	PSI - ok
20:59:42.0601 5604	PxHlpa64 - ok
20:59:42.0601 5604	ql2300 - ok
20:59:42.0617 5604	ql40xx - ok
20:59:42.0617 5604	QWAVEdrv - ok
20:59:42.0648 5604	RasAcd - ok
20:59:42.0648 5604	RasAgileVpn - ok
20:59:42.0664 5604	Rasl2tp - ok
20:59:42.0664 5604	RasPppoe - ok
20:59:42.0679 5604	RasSstp - ok
20:59:42.0679 5604	rdbss - ok
20:59:42.0695 5604	rdpbus - ok
20:59:42.0695 5604	RDPCDD - ok
20:59:42.0711 5604	RDPENCDD - ok
20:59:42.0726 5604	RDPREFMP - ok
20:59:42.0726 5604	RDPWD - ok
20:59:42.0742 5604	rdyboost - ok
20:59:42.0742 5604	rimmptsk - ok
20:59:42.0757 5604	rimsptsk - ok
20:59:42.0757 5604	rismxdp - ok
20:59:42.0773 5604	rspndr - ok
20:59:42.0789 5604	sbp2port - ok
20:59:42.0804 5604	scfilter - ok
20:59:42.0820 5604	sdbus - ok
20:59:42.0835 5604	secdrv - ok
20:59:42.0851 5604	Serenum - ok
20:59:42.0867 5604	Serial - ok
20:59:42.0867 5604	sermouse - ok
20:59:42.0898 5604	sffdisk - ok
20:59:42.0898 5604	sffp_mmc - ok
20:59:42.0913 5604	sffp_sd - ok
20:59:42.0913 5604	sfloppy - ok
20:59:42.0929 5604	SiSRaid2 - ok
20:59:42.0929 5604	SiSRaid4 - ok
20:59:42.0945 5604	Smb - ok
20:59:42.0960 5604	SNPSTD3 - ok
20:59:42.0976 5604	spldr - ok
20:59:42.0991 5604	sptd - ok
20:59:43.0007 5604	srv - ok
20:59:43.0007 5604	srv2 - ok
20:59:43.0023 5604	srvnet - ok
20:59:43.0038 5604	StarOpen - ok
20:59:43.0054 5604	stexstor - ok
20:59:43.0054 5604	STHDA - ok
20:59:43.0069 5604	swenum - ok
20:59:43.0085 5604	SynasUSB - ok
20:59:43.0101 5604	SynTP - ok
20:59:43.0116 5604	taphss - ok
20:59:43.0132 5604	Tcpip - ok
20:59:43.0132 5604	TCPIP6 - ok
20:59:43.0147 5604	tcpipreg - ok
20:59:43.0147 5604	TDPIPE - ok
20:59:43.0163 5604	TDTCP - ok
20:59:43.0163 5604	tdx - ok
20:59:43.0179 5604	TermDD - ok
20:59:43.0194 5604	tssecsrv - ok
20:59:43.0210 5604	TsUsbFlt - ok
20:59:43.0210 5604	tunnel - ok
20:59:43.0225 5604	uagp35 - ok
20:59:43.0225 5604	udfs - ok
20:59:43.0241 5604	uliagpkx - ok
20:59:43.0257 5604	umbus - ok
20:59:43.0257 5604	UmPass - ok
20:59:43.0272 5604	USBAAPL64 - ok
20:59:43.0288 5604	usbccgp - ok
20:59:43.0288 5604	usbcir - ok
20:59:43.0288 5604	usbehci - ok
20:59:43.0303 5604	usbhub - ok
20:59:43.0303 5604	usbohci - ok
20:59:43.0319 5604	usbprint - ok
20:59:43.0319 5604	usbscan - ok
20:59:43.0335 5604	USBSTOR - ok
20:59:43.0335 5604	usbuhci - ok
20:59:43.0366 5604	usbvideo - ok
20:59:43.0381 5604	usb_rndisx - ok
20:59:43.0397 5604	vdrvroot - ok
20:59:43.0413 5604	vga - ok
20:59:43.0413 5604	VgaSave - ok
20:59:43.0428 5604	vhdmp - ok
20:59:43.0428 5604	viaide - ok
20:59:43.0428 5604	volmgr - ok
20:59:43.0444 5604	volmgrx - ok
20:59:43.0444 5604	volsnap - ok
20:59:43.0475 5604	vpnva - ok
20:59:43.0491 5604	vsmraid - ok
20:59:43.0506 5604	vwifibus - ok
20:59:43.0522 5604	vwififlt - ok
20:59:43.0522 5604	vwifimp - ok
20:59:43.0537 5604	WacomPen - ok
20:59:43.0553 5604	WANARP - ok
20:59:43.0553 5604	Wanarpv6 - ok
20:59:43.0584 5604	Wd - ok
20:59:43.0584 5604	Wdf01000 - ok
20:59:43.0615 5604	WfpLwf - ok
20:59:43.0647 5604	WimFltr - ok
20:59:43.0647 5604	WIMMount - ok
20:59:43.0709 5604	WINUSB - ok
20:59:43.0725 5604	WmiAcpi - ok
20:59:43.0740 5604	ws2ifsl - ok
20:59:43.0771 5604	WudfPf - ok
20:59:43.0787 5604	WUDFRd - ok
20:59:43.0834 5604	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:59:44.0037 5604	\Device\Harddisk0\DR0 - ok
20:59:44.0037 5604	============================================================
20:59:44.0037 5604	Scan finished
20:59:44.0037 5604	============================================================
20:59:44.0068 5892	Detected object count: 0
20:59:44.0068 5892	Actual detected object count: 0
20:59:54.0598 2996	============================================================
20:59:54.0598 2996	Scan started
20:59:54.0598 2996	Mode: Manual; SigCheck; TDLFS; 
20:59:54.0598 2996	============================================================
20:59:54.0910 2996	1394ohci - ok
20:59:54.0910 2996	ACPI - ok
20:59:54.0925 2996	AcpiPmi - ok
20:59:54.0925 2996	acsock - ok
20:59:54.0957 2996	adp94xx - ok
20:59:54.0957 2996	adpahci - ok
20:59:54.0972 2996	adpu320 - ok
20:59:54.0988 2996	AFD - ok
20:59:55.0003 2996	agp440 - ok
20:59:55.0019 2996	aliide - ok
20:59:55.0035 2996	amdide - ok
20:59:55.0050 2996	AmdK8 - ok
20:59:55.0050 2996	AmdPPM - ok
20:59:55.0066 2996	amdsata - ok
20:59:55.0066 2996	amdsbs - ok
20:59:55.0081 2996	amdxata - ok
20:59:55.0097 2996	AppID - ok
20:59:55.0128 2996	arc - ok
20:59:55.0144 2996	arcsas - ok
20:59:55.0159 2996	AsyncMac - ok
20:59:55.0175 2996	atapi - ok
20:59:55.0191 2996	AtiHdmiService - ok
20:59:55.0191 2996	atikmdag - ok
20:59:55.0222 2996	avgntflt - ok
20:59:55.0222 2996	avipbb - ok
20:59:55.0222 2996	avkmgr - ok
20:59:55.0237 2996	b06bdrv - ok
20:59:55.0253 2996	b57nd60a - ok
20:59:55.0284 2996	BCM42RLY - ok
20:59:55.0284 2996	BCM43XX - ok
20:59:55.0300 2996	BDA_Capture_225 - ok
20:59:55.0315 2996	BDA_Loader_225 - ok
20:59:55.0331 2996	Beep - ok
20:59:55.0347 2996	blbdrive - ok
20:59:55.0362 2996	bowser - ok
20:59:55.0378 2996	BrFiltLo - ok
20:59:55.0378 2996	BrFiltUp - ok
20:59:55.0393 2996	Brserid - ok
20:59:55.0409 2996	BrSerWdm - ok
20:59:55.0425 2996	BrUsbMdm - ok
20:59:55.0425 2996	BrUsbSer - ok
20:59:55.0440 2996	BTHMODEM - ok
20:59:55.0456 2996	cdfs - ok
20:59:55.0471 2996	cdrom - ok
20:59:55.0487 2996	circlass - ok
20:59:55.0487 2996	CLFS - ok
20:59:55.0518 2996	CmBatt - ok
20:59:55.0534 2996	cmdide - ok
20:59:55.0534 2996	CNG - ok
20:59:55.0534 2996	Compbatt - ok
20:59:55.0549 2996	CompositeBus - ok
20:59:55.0565 2996	crcdisk - ok
20:59:55.0581 2996	CtClsFlt - ok
20:59:55.0581 2996	CVirtA - ok
20:59:55.0596 2996	CVPNDRVA - ok
20:59:55.0612 2996	DfsC - ok
20:59:55.0612 2996	discache - ok
20:59:55.0627 2996	Disk - ok
20:59:55.0627 2996	DNE - ok
20:59:55.0659 2996	drmkaud - ok
20:59:55.0659 2996	DXGKrnl - ok
20:59:55.0674 2996	ebdrv - ok
20:59:55.0690 2996	elxstor - ok
20:59:55.0690 2996	ErrDev - ok
20:59:55.0705 2996	exfat - ok
20:59:55.0721 2996	fastfat - ok
20:59:55.0737 2996	fdc - ok
20:59:55.0737 2996	FileInfo - ok
20:59:55.0752 2996	Filetrace - ok
20:59:55.0752 2996	flpydisk - ok
20:59:55.0768 2996	FltMgr - ok
20:59:55.0783 2996	FsDepends - ok
20:59:55.0783 2996	Fs_Rec - ok
20:59:55.0799 2996	fvevol - ok
20:59:55.0799 2996	gagp30kx - ok
20:59:55.0799 2996	GEARAspiWDM - ok
20:59:55.0830 2996	hcw85cir - ok
20:59:55.0830 2996	HDAudBus - ok
20:59:55.0846 2996	HidBatt - ok
20:59:55.0846 2996	HidBth - ok
20:59:55.0861 2996	HidIr - ok
20:59:55.0861 2996	HidUsb - ok
20:59:55.0877 2996	HpSAMD - ok
20:59:55.0893 2996	HTCAND64 - ok
20:59:55.0893 2996	htcnprot - ok
20:59:55.0908 2996	HTTP - ok
20:59:55.0908 2996	hwpolicy - ok
20:59:55.0924 2996	i8042prt - ok
20:59:55.0924 2996	iaStorV - ok
20:59:55.0939 2996	iirsp - ok
20:59:55.0955 2996	intelide - ok
20:59:55.0971 2996	intelppm - ok
20:59:55.0971 2996	IpFilterDriver - ok
20:59:55.0986 2996	IPMIDRV - ok
20:59:55.0986 2996	IPNAT - ok
20:59:56.0002 2996	IRENUM - ok
20:59:56.0017 2996	isapnp - ok
20:59:56.0017 2996	iScsiPrt - ok
20:59:56.0033 2996	k57nd60a - ok
20:59:56.0033 2996	kbdclass - ok
20:59:56.0049 2996	kbdhid - ok
20:59:56.0049 2996	KSecDD - ok
20:59:56.0064 2996	KSecPkg - ok
20:59:56.0080 2996	ksthunk - ok
20:59:56.0111 2996	lltdio - ok
20:59:56.0127 2996	LSI_FC - ok
20:59:56.0142 2996	LSI_SAS - ok
20:59:56.0142 2996	LSI_SAS2 - ok
20:59:56.0158 2996	LSI_SCSI - ok
20:59:56.0158 2996	luafv - ok
20:59:56.0173 2996	ManyCam - ok
20:59:56.0189 2996	MBAMProtector - ok
20:59:56.0251 2996	megasas - ok
20:59:56.0267 2996	MegaSR - ok
20:59:56.0283 2996	Modem - ok
20:59:56.0298 2996	monitor - ok
20:59:56.0314 2996	mouclass - ok
20:59:56.0314 2996	mouhid - ok
20:59:56.0329 2996	mountmgr - ok
20:59:56.0345 2996	mpio - ok
20:59:56.0361 2996	mpsdrv - ok
20:59:56.0376 2996	MRxDAV - ok
20:59:56.0392 2996	mrxsmb - ok
20:59:56.0392 2996	mrxsmb10 - ok
20:59:56.0407 2996	mrxsmb20 - ok
20:59:56.0423 2996	msahci - ok
20:59:56.0439 2996	msdsm - ok
20:59:56.0470 2996	Msfs - ok
20:59:56.0470 2996	mshidkmdf - ok
20:59:56.0485 2996	msisadrv - ok
20:59:56.0501 2996	MSKSSRV - ok
20:59:56.0517 2996	MSPCLOCK - ok
20:59:56.0517 2996	MSPQM - ok
20:59:56.0532 2996	MsRPC - ok
20:59:56.0548 2996	mssmbios - ok
20:59:56.0563 2996	MSTEE - ok
20:59:56.0579 2996	MTConfig - ok
20:59:56.0579 2996	Mup - ok
20:59:56.0610 2996	NativeWifiP - ok
20:59:56.0610 2996	NDIS - ok
20:59:56.0626 2996	NdisCap - ok
20:59:56.0641 2996	NdisTapi - ok
20:59:56.0657 2996	Ndisuio - ok
20:59:56.0657 2996	NdisWan - ok
20:59:56.0673 2996	NDProxy - ok
20:59:56.0688 2996	NetBIOS - ok
20:59:56.0688 2996	NetBT - ok
20:59:56.0751 2996	nfrd960 - ok
20:59:56.0797 2996	Npfs - ok
20:59:56.0829 2996	nsiproxy - ok
20:59:56.0844 2996	Ntfs - ok
20:59:56.0844 2996	Null - ok
20:59:56.0860 2996	nvraid - ok
20:59:56.0875 2996	nvstor - ok
20:59:56.0875 2996	nv_agp - ok
20:59:56.0907 2996	ohci1394 - ok
20:59:56.0938 2996	Parport - ok
20:59:56.0938 2996	partmgr - ok
20:59:56.0969 2996	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
20:59:56.0985 2996	pci - ok
20:59:56.0985 2996	pciide - ok
20:59:57.0000 2996	pcmcia - ok
20:59:57.0016 2996	pcw - ok
20:59:57.0031 2996	PEAUTH - ok
20:59:57.0109 2996	PptpMiniport - ok
20:59:57.0109 2996	Processor - ok
20:59:57.0141 2996	Psched - ok
20:59:57.0156 2996	PSI - ok
20:59:57.0172 2996	PxHlpa64 - ok
20:59:57.0172 2996	ql2300 - ok
20:59:57.0187 2996	ql40xx - ok
20:59:57.0203 2996	QWAVEdrv - ok
20:59:57.0219 2996	RasAcd - ok
20:59:57.0234 2996	RasAgileVpn - ok
20:59:57.0250 2996	Rasl2tp - ok
20:59:57.0265 2996	RasPppoe - ok
20:59:57.0265 2996	RasSstp - ok
20:59:57.0281 2996	rdbss - ok
20:59:57.0281 2996	rdpbus - ok
20:59:57.0297 2996	RDPCDD - ok
20:59:57.0312 2996	RDPENCDD - ok
20:59:57.0328 2996	RDPREFMP - ok
20:59:57.0343 2996	RDPWD - ok
20:59:57.0359 2996	rdyboost - ok
20:59:57.0375 2996	rimmptsk - ok
20:59:57.0375 2996	rimsptsk - ok
20:59:57.0390 2996	rismxdp - ok
20:59:57.0406 2996	rspndr - ok
20:59:57.0421 2996	sbp2port - ok
20:59:57.0437 2996	scfilter - ok
20:59:57.0453 2996	sdbus - ok
20:59:57.0468 2996	secdrv - ok
20:59:57.0515 2996	Serenum - ok
20:59:57.0515 2996	Serial - ok
20:59:57.0531 2996	sermouse - ok
20:59:57.0562 2996	sffdisk - ok
20:59:57.0577 2996	sffp_mmc - ok
20:59:57.0577 2996	sffp_sd - ok
20:59:57.0593 2996	sfloppy - ok
20:59:57.0624 2996	SiSRaid2 - ok
20:59:57.0624 2996	SiSRaid4 - ok
20:59:57.0640 2996	Smb - ok
20:59:57.0671 2996	SNPSTD3 - ok
20:59:57.0671 2996	spldr - ok
20:59:57.0702 2996	sptd - ok
20:59:57.0718 2996	srv - ok
20:59:57.0718 2996	srv2 - ok
20:59:57.0733 2996	srvnet - ok
20:59:57.0765 2996	StarOpen - ok
20:59:57.0780 2996	stexstor - ok
20:59:57.0796 2996	STHDA - ok
20:59:57.0811 2996	swenum - ok
20:59:57.0827 2996	SynasUSB - ok
20:59:57.0843 2996	SynTP - ok
20:59:57.0858 2996	taphss - ok
20:59:57.0889 2996	Tcpip - ok
20:59:57.0889 2996	TCPIP6 - ok
20:59:57.0921 2996	tcpipreg - ok
20:59:57.0936 2996	TDPIPE - ok
20:59:57.0936 2996	TDTCP - ok
20:59:57.0952 2996	tdx - ok
20:59:57.0967 2996	TermDD - ok
20:59:58.0014 2996	tssecsrv - ok
20:59:58.0030 2996	TsUsbFlt - ok
20:59:58.0030 2996	tunnel - ok
20:59:58.0045 2996	uagp35 - ok
20:59:58.0061 2996	udfs - ok
20:59:58.0092 2996	uliagpkx - ok
20:59:58.0092 2996	umbus - ok
20:59:58.0108 2996	UmPass - ok
20:59:58.0139 2996	USBAAPL64 - ok
20:59:58.0155 2996	usbccgp - ok
20:59:58.0170 2996	usbcir - ok
20:59:58.0186 2996	usbehci - ok
20:59:58.0201 2996	usbhub - ok
20:59:58.0201 2996	usbohci - ok
20:59:58.0217 2996	usbprint - ok
20:59:58.0233 2996	usbscan - ok
20:59:58.0248 2996	USBSTOR - ok
20:59:58.0248 2996	usbuhci - ok
20:59:58.0264 2996	usbvideo - ok
20:59:58.0279 2996	usb_rndisx - ok
20:59:58.0295 2996	vdrvroot - ok
20:59:58.0311 2996	vga - ok
20:59:58.0326 2996	VgaSave - ok
20:59:58.0342 2996	vhdmp - ok
20:59:58.0357 2996	viaide - ok
20:59:58.0357 2996	volmgr - ok
20:59:58.0373 2996	volmgrx - ok
20:59:58.0389 2996	volsnap - ok
20:59:58.0404 2996	vpnva - ok
20:59:58.0420 2996	vsmraid - ok
20:59:58.0435 2996	vwifibus - ok
20:59:58.0451 2996	vwififlt - ok
20:59:58.0467 2996	vwifimp - ok
20:59:58.0482 2996	WacomPen - ok
20:59:58.0498 2996	WANARP - ok
20:59:58.0513 2996	Wanarpv6 - ok
20:59:58.0545 2996	Wd - ok
20:59:58.0560 2996	Wdf01000 - ok
20:59:58.0607 2996	WfpLwf - ok
20:59:58.0623 2996	WimFltr - ok
20:59:58.0638 2996	WIMMount - ok
20:59:58.0701 2996	WINUSB - ok
20:59:58.0716 2996	WmiAcpi - ok
20:59:58.0763 2996	ws2ifsl - ok
20:59:58.0810 2996	WudfPf - ok
20:59:58.0857 2996	WUDFRd - ok
20:59:58.0919 2996	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:59:59.0153 2996	\Device\Harddisk0\DR0 - ok
20:59:59.0153 2996	============================================================
20:59:59.0153 2996	Scan finished
20:59:59.0153 2996	============================================================
20:59:59.0169 6056	Detected object count: 0
20:59:59.0169 6056	Actual detected object count: 0
         

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-03-08.04 - Christian 08.03.2012  23:00:42.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4061.1895 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\etc
c:\program files (x86)\etc\maple2e.sty
c:\program files (x86)\etc\mapleenv.def
c:\program files (x86)\etc\mapleenv.sty
c:\program files (x86)\etc\mapleplots.sty
c:\program files (x86)\etc\maplestd2e.sty
c:\program files (x86)\etc\maplestyle.sty
c:\program files (x86)\etc\mapletab.sty
c:\program files (x86)\etc\mapleutil.sty
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\system32\setuid.dll
c:\windows\SysWow64\Gdiplus.dll
c:\windows\SysWow64\scvideo.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-08 bis 2012-03-08  ))))))))))))))))))))))))))))))
.
.
2012-03-08 19:26 . 2012-03-08 19:26	--------	d-----w-	C:\_OTL
2012-03-07 23:46 . 2012-02-16 14:55	45016	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-03-07 23:46 . 2012-02-16 10:41	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-07 23:46 . 2012-02-16 10:41	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-07 23:46 . 2012-02-16 10:41	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-07 23:33 . 2012-03-07 23:33	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-03-07 23:29 . 2012-03-07 23:29	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-07 23:29 . 2012-03-07 23:29	--------	d-----w-	c:\program files\Java
2012-03-07 23:13 . 2012-03-07 23:13	--------	d-----w-	c:\users\Christian\AppData\Local\Secunia PSI
2012-03-07 22:55 . 2012-03-07 22:55	--------	d-----w-	c:\program files (x86)\ESET
2012-03-07 21:40 . 2012-03-07 21:40	--------	d-----w-	c:\program files (x86)\Secunia
2012-03-06 17:38 . 2012-03-06 17:38	--------	d-----w-	c:\users\Christian\AppData\Roaming\MathWorks
2012-03-06 16:39 . 2004-07-29 20:35	1077344	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-03-06 16:39 . 2004-03-01 21:05	407104	----a-w-	c:\windows\system32\MSHFLXGD.OCX
2012-03-06 16:39 . 2004-02-11 13:37	203976	----a-w-	c:\windows\system32\RICHTX32.OCX
2012-03-06 16:10 . 2012-03-06 16:10	--------	d-----w-	c:\program files\MATLAB
2012-03-06 16:00 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{86170759-CD0F-42BF-90E0-2BD28FD4B5B8}\mpengine.dll
2012-03-06 14:48 . 2012-03-06 14:48	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-06 14:48 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-04 17:45 . 2012-03-04 17:45	--------	d-----w-	c:\users\Christian\AppData\Roaming\Malwarebytes
2012-03-04 14:17 . 2012-03-04 14:17	--------	d-----w-	c:\users\Allgemein\AppData\Roaming\Malwarebytes
2012-03-04 14:17 . 2012-03-04 14:17	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-17 12:09 . 2012-02-17 12:09	--------	d-----w-	c:\users\Christian\AppData\Roaming\Jumping Bytes
2012-02-17 12:03 . 2012-02-17 12:04	--------	d-----w-	c:\program files (x86)\PureSync
2012-02-17 12:03 . 2012-02-17 12:04	--------	d-----w-	c:\program files (x86)\Common Files\Jumping Bytes
2012-02-16 21:44 . 2012-02-16 21:44	--------	d-----w-	c:\users\Christian\AppData\Roaming\TuneUp Software
2012-02-16 21:43 . 2012-02-16 21:45	--------	d-----w-	c:\programdata\TuneUp Software
2012-02-16 21:43 . 2012-02-16 21:43	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-16 15:32 . 2012-02-16 15:32	--------	d-----w-	c:\users\Christian\AppData\Roaming\mkvtoolnix
2012-02-16 15:31 . 2012-02-16 15:31	--------	d-----w-	c:\program files (x86)\MKVToolNix
2012-02-16 08:21 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-16 08:21 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-16 08:21 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-16 08:21 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-16 08:21 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-16 08:21 . 2012-01-14 04:06	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-02-16 08:21 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-16 08:21 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 23:48 . 2011-12-16 12:28	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 23:32 . 2010-06-28 10:15	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2009-12-14 20:03	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 13:58 . 2011-10-15 12:07	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-12 00:19 . 2012-01-12 00:19	4448256	----a-w-	c:\windows\SysWow64\GPhotos.scr
2012-01-04 23:01 . 2012-01-04 23:01	37888	----a-w-	c:\windows\system32\drivers\taphss.sys
2011-10-15 19:18 . 2011-10-15 17:27	4962008	----a-w-	c:\program files (x86)\MapleToolbox_WindowsX86_64.exe
2011-10-15 17:27 . 2011-10-15 17:27	106	----a-w-	c:\program files (x86)\MapleToolbox.bat
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
"PureSync"="c:\program files (x86)\PureSync\PureSyncTray.exe" [2011-12-12 837696]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"AVFX Engine"="c:\program files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-09 20480]
"NuonSoft ShellEnhancer StartupHelper"="c:\program files (x86)\NuonSoft\ShellEnhancer\StartupHelper.exe" [2006-12-16 65536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-07-08 356352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
R3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;c:\windows\system32\Drivers\BDA_Capture_225_x64.sys [x]
R3 BDA_Loader_225;USB Digital-TV Receiver. Firmware Loader 7.1.9.0;c:\windows\system32\Drivers\BDA_Loader_225_x64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-07-29 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-07-29 399416]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{74FA3C8A-1739-4AE0-B578-0E4E288B6688}]
2009-12-16 19:12	126736	----a-w-	c:\programdata\VoicePro12\VoiceProInstallCurrentUser.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1302499063-601275286-625076348-1000Core.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 18:40]
.
2011-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1302499063-601275286-625076348-1000UA.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 18:40]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 19:59]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 19:59]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302499063-601275286-625076348-1000Core.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 21:20]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302499063-601275286-625076348-1000UA.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 21:20]
.
2012-03-06 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- c:\program files\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe [2012-03-06 14:34]
.
2011-09-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2011-09-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2011-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"combofix"="c:\combofix\CF16861.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dkqm69cp.default\
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,83,b5,48,d6,e5,96,19,cd,74,21,7d,71,5f,68,3c,f7,5b,34,c7,a4,
   b6,75,74,14,1f,2f,f6,88,e3,b2,84,fe,b8,78,ee,53,25,1c,40,f0,75,c4,fe,26,f6,\
"rkeysecu"=hex:65,3c,b3,07,d3,4b,bd,88,b9,9e,f2,98,b1,77,61,a3
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-08  23:20:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-08 22:20
.
Vor Suchlauf: 17 Verzeichnis(se), 27.277.410.304 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 26.896.732.160 Bytes frei
.
- - End Of File - - 51EBB3970518B7139A43209C817A6FDF
         

ComboFix-Log.

Unter weitere laufende Prozesse listet ComboFix den Avira Antivir-Guad auf, ich hab aber vor dem Scan die Checkbox "Echtzeit-Scanner aktivieren" auf deaktivieren geklickt. Wenn das nur die laufenden Prozesse nach dem Reboot sind passts wohl.

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

• Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 23:39:39
-----------------------------
23:39:39.024    OS Version: Windows x64 6.1.7601 Service Pack 1
23:39:39.024    Number of processors: 2 586 0x170A
23:39:39.024    ComputerName: CHRISTIAN  UserName: Christian
23:39:40.490    Initialize success
23:41:02.516    AVAST engine defs: 12030801
23:41:05.698    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:41:05.698    Disk 0 Vendor: WDC_WD2500BJKT-75F4T0 11.01A11 Size: 238475MB BusType: 11
23:41:05.714    Disk 1  \Device\Harddisk1\SR0 -> \Device\SdBus-0
23:41:05.714    Disk 1 Vendor: (  Size: 7580MB BusType: 12
23:41:05.729    Disk 0 MBR read successfully
23:41:05.729    Disk 0 MBR scan
23:41:05.745    Disk 0 Windows VISTA default MBR code
23:41:05.745    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
23:41:05.761    Disk 0 Partition 2 80 (A) 42          SFS NTFS        15000 MB offset 80325
23:41:05.776    Disk 0 Partition 3 00     42          SFS NTFS       114457 MB offset 30800325
23:41:05.807    Disk 0 Partition 4 00     42          SFS            108977 MB offset 265208261
23:41:05.807    Disk 0 scanning C:\Windows\system32\drivers
23:41:05.823    Service scanning
23:41:32.047    Modules scanning
23:41:32.047    Disk 0 trace - called modules:
23:41:32.094    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049d82c0]<<spmc.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
23:41:32.109    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf2460]
23:41:32.109    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b2c060]
23:41:32.125    \Driver\atapi[0xfffffa8004aef060] -> IRP_MJ_CREATE -> 0xfffffa80049d82c0
23:41:33.685    AVAST engine scan C:\Windows
23:41:33.700    AVAST engine scan C:\Windows\system32
23:41:33.700    AVAST engine scan C:\Windows\system32\drivers
23:41:33.716    AVAST engine scan C:\Users\Christian
23:41:33.716    AVAST engine scan C:\ProgramData
23:41:33.732    Scan finished successfully
23:50:05.231    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
23:50:05.231    The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"
         

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Super AntiSpyware Log:
(Die Herkunftsangaben von den Tracking-Cookies hab ich selbst gelöscht.)

Code: Alles auswählenAufklappen

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/12/2012 at 07:46 AM

Application Version : 5.0.1146

Core Rules Database Version : 8324
Trace Rules Database Version: 6136

Scan type       : Complete Scan
Total Scan Time : 04:31:44

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 719
Memory threats detected   : 0
Registry items scanned    : 69007
Registry threats detected : 0
File items scanned        : 492689
File threats detected     : 44

Adware.Tracking Cookie
	
[...]
         

Malwarebytes-Log:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christian :: CHRISTIAN [Administrator]

Schutz: Aktiviert

11.03.2012 17:53:21
mbam-log-2012-03-11 (17-53-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 653979
Laufzeit: 2 Stunde(n), 16 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Also bis jetzt sehe ich keine weiteren Probleme. Vielen Dank für die Hilfe!

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.