Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Malwareinfektion Live Security Platinum

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.07.2012, 00:01   #1
Redneck
 
Malwareinfektion Live Security Platinum - Unglücklich

Malwareinfektion Live Security Platinum



Hallo,

erstmal vielen Dank für Eure sehr hilfreiches Forum.
Ich habe mir beim Surfen mit Firefox die Malware Live Security Platinum eingehandelt.
Ich hatte das bekannte Problem, dass jede Anwendung, die ich zur Bekämpfung der Malware installieren/starten wollte (Spybot, Malwarebytes, CC-Cleaner) geblockt wurde. Auch Antivir hat sich immer wieder gemeldet, konnte aber nichts entfernen.
Erst nach einem Neustart, konnte ich Malwarebytes installieren und anwenden.
Malwarebytes hatte 23 infizierte Dateien gefunden, diese habe ich entfernt (in Quarantäne verschoben).
Dann habe ich Euren Schritt 2 penibel abgearbeitet.
Hier die OTL-txt-Datei
OTL logfile created on: 21.07.2012 00:16:54 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Redneck\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,08% Memory free
15,82 Gb Paging File | 13,64 Gb Available in Paging File | 86,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,01 Gb Total Space | 371,16 Gb Free Space | 82,30% Space Free | Partition Type: NTFS

Computer Name: REDNECK-PC | User Name: Redneck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.21 00:11:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Redneck\Downloads\OTL.exe
PRC - [2012.07.08 14:16:28 | 000,019,800 | ---- | M] (Smartbar) -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Linkury.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.26 20:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.04.13 17:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010.12.29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010.12.15 17:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 06:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.10.01 18:49:08 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
PRC - [2009.07.06 21:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.08 14:17:18 | 000,016,216 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2012.07.08 14:17:14 | 000,046,936 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll
MOD - [2012.07.08 14:17:14 | 000,024,920 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2012.07.08 14:17:12 | 000,019,288 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2012.07.08 14:17:06 | 000,044,888 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2012.07.08 14:17:06 | 000,013,144 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2012.07.08 14:17:02 | 000,068,440 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2012.07.08 14:17:00 | 000,034,648 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2012.07.08 14:16:56 | 000,015,704 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2012.07.08 14:16:54 | 000,079,192 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2012.07.08 14:16:48 | 000,018,264 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2012.07.08 14:16:46 | 000,054,616 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2012.07.08 14:16:40 | 000,012,120 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2012.07.08 14:16:38 | 000,031,064 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2012.07.08 14:16:36 | 000,013,144 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2012.07.08 14:16:36 | 000,012,632 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2012.07.08 14:16:32 | 001,276,760 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2012.07.08 14:16:32 | 000,080,728 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2012.07.08 14:16:30 | 000,565,592 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2012.07.08 14:14:46 | 000,046,936 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2012.07.08 14:14:32 | 000,013,656 | ---- | M] () -- C:\Users\Redneck\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2012.07.02 21:12:32 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.06.24 19:32:26 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012.06.24 19:31:58 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.24 19:31:51 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.23 17:31:52 | 008,013,664 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012.06.23 17:31:52 | 000,145,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2012.05.15 20:35:03 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012.05.15 20:34:17 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.15 19:59:02 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.15 19:58:06 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.15 19:57:58 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.15 19:57:52 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.15 19:57:48 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.15 19:57:14 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.08.06 00:31:55 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.12.15 17:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2010.11.21 05:24:01 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.05.12 08:53:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.12.03 17:26:34 | 003,143,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV - [2012.07.19 18:42:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.25 11:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.12.29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2010.12.17 21:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.12.03 17:14:58 | 002,696,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.10.01 18:49:08 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 21:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.12 12:16:38 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.12 08:16:54 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.10 21:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.25 11:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.01.20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010.12.17 21:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.12.17 21:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.12.17 21:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.12.17 21:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.12.17 21:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.12.17 21:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.12.17 21:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.12.16 05:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.13 16:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.24 18:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.07 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.30 02:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.10.15 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.21 16:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.08.20 18:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.04.10 21:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=3225f6fc-c7a9-4892-9382-bba5435d4a38&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=3225f6fc-c7a9-4892-9382-bba5435d4a38&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=3225f6fc-c7a9-4892-9382-bba5435d4a38&affid=110774&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=3225f6fc-c7a9-4892-9382-bba5435d4a38&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=3225f6fc-c7a9-4892-9382-bba5435d4a38&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=3225f6fc-c7a9-4892-9382-bba5435d4a38&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{E19BC0F9-BDB3-46C5-9E95-A8C57CFFB05B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=f6750e00-6025-4d9f-80b5-a2dc4ae8f19d&apn_sauid=B5E9F3E2-4F12-4C37-8042-3739F9F09337
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=3225f6fc-c7a9-4892-9382-bba5435d4a38&affid=110774&searchtype=ds&babsrc=lnkry&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.08.05 22:30:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 18:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.15 08:55:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 18:42:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.15 08:55:00 | 000,000,000 | ---D | M]

[2011.08.23 19:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redneck\AppData\Roaming\mozilla\Extensions
[2012.07.17 20:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redneck\AppData\Roaming\mozilla\Firefox\Profiles\oupxciwy.default\extensions
[2011.08.23 19:28:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Redneck\AppData\Roaming\mozilla\Firefox\Profiles\oupxciwy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.08 15:26:58 | 000,002,474 | ---- | M] () -- C:\Users\Redneck\AppData\Roaming\Mozilla\Firefox\Profiles\oupxciwy.default\searchplugins\Web Search.xml
[2012.05.13 12:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.13 12:32:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.19 18:42:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.21 21:56:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.26 20:09:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 20:09:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 20:09:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 20:09:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 20:09:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 20:09:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Redneck\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Redneck\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Redneck\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C5E9381-FFB1-4F03-A97B-BAEE1F13FB12}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBA331D0-4A4A-482B-A98A-0C0ED4F1688F}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03259ca7-b7bd-11e1-90ca-3859f931826a}\Shell - "" = AutoRun
O33 - MountPoints2\{03259ca7-b7bd-11e1-90ca-3859f931826a}\Shell\AutoRun\command - "" = Iomega Encryption Utility.exe
O33 - MountPoints2\{6c691d4a-ce6d-11e0-85aa-3859f931826a}\Shell - "" = AutoRun
O33 - MountPoints2\{6c691d4a-ce6d-11e0-85aa-3859f931826a}\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{6c691d4a-ce6d-11e0-85aa-3859f931826a}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{6c691d4a-ce6d-11e0-85aa-3859f931826a}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.21 00:01:44 | 000,000,000 | R--D | C] -- C:\Users\Redneck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.07.20 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Redneck\AppData\Roaming\Malwarebytes
[2012.07.20 23:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.20 23:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.20 23:50:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.07.20 23:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.20 21:38:34 | 000,000,000 | ---D | C] -- C:\Users\Redneck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.20 21:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CCA91AF9F2BC2CB7A50CF875F002
[2012.07.14 00:16:32 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.02 20:40:13 | 000,000,000 | ---D | C] -- C:\Users\Redneck\AppData\Local\AskToolbar
[2012.06.26 20:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.06.26 20:08:39 | 000,000,000 | ---D | C] -- C:\Users\Redneck\AppData\Roaming\pdfforge
[2012.06.26 20:08:37 | 000,095,232 | ---- | C] (pdfforge GbR) -- C:\windows\SysNative\pdfcmon.dll
[2012.06.26 20:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.06.23 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Redneck\AppData\Local\Smartbar
[2012.06.23 17:31:22 | 000,000,000 | ---D | C] -- C:\Users\Redneck\AppData\Roaming\OpenCandy

========== Files - Modified Within 30 Days ==========

[2012.07.21 00:14:42 | 000,000,000 | ---- | M] () -- C:\Users\Redneck\defogger_reenable
[2012.07.21 00:13:01 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.21 00:13:00 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.21 00:08:39 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 00:08:39 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 00:08:00 | 001,642,700 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.07.21 00:08:00 | 000,708,076 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.07.21 00:08:00 | 000,663,354 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.07.21 00:08:00 | 000,151,828 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.07.21 00:08:00 | 000,124,774 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.07.21 00:01:36 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.07.21 00:01:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.21 00:01:05 | 2074,480,639 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 23:51:36 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 23:47:20 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012.07.12 23:09:13 | 000,063,113 | ---- | M] () -- C:\Users\Redneck\Desktop\1und1_Preisliste_Mobilfunktarife_Freephone_Flat_SMS.pdf
[2012.07.12 21:15:45 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.07.12 17:13:40 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.10 21:54:53 | 000,339,904 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.06.26 20:08:41 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.06.26 20:08:41 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk

========== Files Created - No Company Name ==========

[2012.07.21 00:14:42 | 000,000,000 | ---- | C] () -- C:\Users\Redneck\defogger_reenable
[2012.07.20 23:50:57 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 22:39:28 | 000,001,696 | ---- | C] () -- C:\Users\Redneck\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000001.@
[2012.07.20 22:35:07 | 000,022,528 | ---- | C] () -- C:\Users\Redneck\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\800000cb.@
[2012.07.20 22:35:07 | 000,016,896 | ---- | C] () -- C:\Users\Redneck\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@
[2012.07.12 23:09:13 | 000,063,113 | ---- | C] () -- C:\Users\Redneck\Desktop\1und1_Preisliste_Mobilfunktarife_Freephone_Flat_SMS.pdf
[2012.06.26 20:08:41 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.06.26 20:08:41 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.01.10 20:27:51 | 000,002,048 | -HS- | C] () -- C:\Users\Redneck\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
[2011.09.09 19:52:12 | 000,000,000 | ---- | C] () -- C:\Users\Redneck\AppData\Local\rx_image32.Cache
[2011.09.07 19:23:47 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2011.08.24 18:38:45 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.08.23 19:53:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.08.23 19:34:43 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll
[2011.08.23 19:32:30 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll
[2011.08.06 00:12:51 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011.08.06 00:12:29 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011.08.06 00:12:29 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.08.06 00:12:29 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.08.06 00:12:29 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.08.06 00:12:29 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011.08.06 00:12:28 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.08.06 00:11:08 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011.08.06 00:11:05 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011.08.06 00:11:05 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011.08.06 00:11:05 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011.08.06 00:11:04 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011.08.06 00:11:04 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011.08.06 00:11:04 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011.08.06 00:11:04 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011.08.05 22:08:06 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.08.05 22:02:32 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011.08.05 21:56:11 | 001,620,798 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.08.05 21:54:07 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.12 06:57:52 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

========== LOP Check ==========

[2011.08.24 19:29:24 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\DAEMON Tools Lite
[2011.08.23 18:40:59 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\DigitalPersona
[2012.07.19 18:40:58 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\DVDVideoSoft
[2012.07.14 00:16:34 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.31 14:08:43 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\Kalypso Media
[2012.06.23 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\OpenCandy
[2012.01.09 22:53:11 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\PCDr
[2012.06.26 20:13:23 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\pdfforge
[2011.11.17 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\streamripper
[2011.08.24 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\Thunderbird
[2012.01.20 01:32:22 | 000,000,000 | ---D | M] -- C:\Users\Redneck\AppData\Roaming\Tropico 4
[2012.07.12 21:15:45 | 000,000,564 | ---- | M] () -- C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.19 07:11:15 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.07.20 23:47:20 | 000,000,506 | ---- | M] () -- C:\windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

Ich habe alle log-files
1.OTL
2.Extras
3.mbam-log

gezippt und angehängt.

Würde mich sehr freuen von Euch zu hören.
Natürlich am liebsten würde ich hören, dass mein guter Computer wieder sauber ist.

Vielen Dank für Eure Unterstützung.

Gruß
Redneck

Alt 23.07.2012, 11:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwareinfektion Live Security Platinum - Standard

Malwareinfektion Live Security Platinum



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 24.07.2012, 07:26   #3
Redneck
 
Malwareinfektion Live Security Platinum - Standard

Malwareinfektion Live Security Platinum



Moin Arne,

habe Deine Liste abgearbeitet. Leider liegt mir von Malwarebytes nur eine scan-log-file nach Infektion vor.
Ich habe nun gestern den Vollscan durchgeführt.
Hier die log-file:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Redneck :: REDNECK-PC [Administrator]

Schutz: Aktiviert

23.07.2012 19:49:47
mbam-log-2012-07-23 (19-49-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 359091
Laufzeit: 1 Stunde(n), 16 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Redneck\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Patches+Software\Clone CD\Clonecd4.0.0.1kg.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Und hier das log-file von Eset-Scan:

Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0df6d96d83b7fd4cb16861a005b6cd33
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 10:51:24
# local_time=2012-07-24 12:51:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 4674064 4674064 0 0
# compatibility_mode=1792 16777215 100 0 4673456 4673456 0 0
# compatibility_mode=5893 16776574 100 94 30493033 94706469 0 0
# compatibility_mode=8192 67108863 100 0 10731 10731 0 0
# scanned=179848
# found=3
# cleaned=0
# scan_time=7264
C:\Users\Redneck\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@	Win64/Sirefef.AL trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Redneck\Downloads\Software\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
E:\Sicherung nach LiveSecurityPlatinum Befall\Downloads\Software\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
         
Beide haben 2 infizierte unterschiedliche Dateien gefunden.
Die 2 von Malwarebytes detektierten Dateien habe ich bereits danach über MWB entfernt.

Die 2 von Eset detektierten Dateien habe ich, wie von Dir empfohlen, erstmal nicht entfernt.

Wie gehts weiter?

Danke+Gruß
Redneck
__________________

Alt 24.07.2012, 16:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwareinfektion Live Security Platinum - Standard

Malwareinfektion Live Security Platinum



Code:
ATTFilter
E:\Patches+Software\Clone CD\Clonecd4.0.0.1kg.exe (Trojan.Agent.CK)
         
Ist ein Keygen für CloneCD!

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Malwareinfektion Live Security Platinum
adobe, antivir, autorun, avira, avira searchfree toolbar, bho, candy, desktop, error, excel, firefox, format, google earth, home, igdpmd64.sys, infizierte dateien, logfile, malware, mobilfunk, mozilla, opencandy, plug-in, port, problem, realtek, registry, scan, searchscopes, security, server, smartbar, software, usb, usb 3.0, windows, wlan




Ähnliche Themen: Malwareinfektion Live Security Platinum


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (31)
  3. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (5)
  4. Live Security Platinum
    Log-Analyse und Auswertung - 14.08.2012 (12)
  5. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (33)
  6. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (3)
  7. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (6)
  8. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (5)
  9. Live Security Platinum
    Log-Analyse und Auswertung - 06.08.2012 (1)
  10. Live Security Platinum
    Log-Analyse und Auswertung - 04.08.2012 (5)
  11. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (1)
  12. Live Security Platinum
    Log-Analyse und Auswertung - 01.08.2012 (1)
  13. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (1)
  14. live security platinum
    Log-Analyse und Auswertung - 17.07.2012 (3)
  15. Log <-- live security platinum
    Log-Analyse und Auswertung - 15.07.2012 (1)
  16. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  17. Live Security Platinum
    Alles rund um Windows - 10.07.2012 (1)

Zum Thema Malwareinfektion Live Security Platinum - Hallo, erstmal vielen Dank für Eure sehr hilfreiches Forum. Ich habe mir beim Surfen mit Firefox die Malware Live Security Platinum eingehandelt. Ich hatte das bekannte Problem, dass jede Anwendung, - Malwareinfektion Live Security Platinum...
Archiv
Du betrachtest: Malwareinfektion Live Security Platinum auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.