
Pests of all kinds and how to fight them: Trojan AT/ATRAPS.GEN2, help with removal


11.08.2012, 17:53   #1
Waterdragon
 



Hello everyone,

I have caught the trojan AT/ATRAPS.GEN2. Avira raises an alert every few minutes, but neither quarantine nor removal has any effect. Could you please help me remove the trojan from the system?

As a precaution, I have already created the logs from Defogger, OTL, MBAM and ESET:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:39 on 11/08/2012 (Maus)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL.txt:
Code:
OTL logfile created on: 11.08.2012 13:49:11 - Run 2
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Maus\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,64% Memory free
8,23 Gb Paging File | 6,35 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,83 Gb Free Space | 32,41% Space Free | Partition Type: NTFS
Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,82% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,11 Gb Free Space | 32,99% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 22,77 Gb Free Space | 46,63% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 39,55 Gb Free Space | 80,98% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 58,57 Gb Free Space | 74,97% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive K: | 78,13 Gb Total Space | 67,97 Gb Free Space | 86,99% Space Free | Partition Type: NTFS
Drive L: | 39,07 Gb Total Space | 16,91 Gb Free Space | 43,29% Space Free | Partition Type: NTFS
Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS
Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
 
Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Maus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 32 BE 78 E3 6C CD 01  [binary data]
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=b887fd8b-c7b7-4d99-85f5-a9c4bc37a01b&apn_sauid=041AD562-8D9C-45DF-ADD9-912C499EED13
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=b887fd8b-c7b7-4d99-85f5-a9c4bc37a01b&apn_ptnrs=%5EABT&apn_sauid=041AD562-8D9C-45DF-ADD9-912C499EED13&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.28 21:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Extensions
[2012.05.30 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Firefox\Profiles\siytadi4.default\extensions
[2012.06.08 10:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.20 14:56:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u7-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A81723-D152-4E12-A80E-717200C4D36F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.13 23:54:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.05.01 16:01:27 | 000,000,000 | ---D | M] - F:\Auto -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.08 21:27:24 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Malwarebytes
[2012.08.08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.08 21:27:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.08 21:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.08 21:02:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.08.07 09:25:16 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.08.04 12:26:37 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.04 12:26:37 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.15 11:58:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.15 11:58:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.15 11:58:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.15 11:58:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.15 11:58:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.15 11:58:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.15 11:58:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.15 11:58:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.15 11:58:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.15 11:58:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.15 11:58:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.15 11:58:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.15 11:58:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.15 11:57:10 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.15 11:57:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.15 11:57:05 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.11 13:24:10 | 001,418,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.11 13:24:10 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.11 13:24:10 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.11 13:24:10 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.11 13:24:10 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.11 13:18:24 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 13:18:24 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 13:18:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.08 21:27:17 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.08 21:00:10 | 000,000,000 | ---- | M] () -- C:\Users\Maus\defogger_reenable
[2012.08.08 20:57:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.08.08 20:57:15 | 000,050,477 | ---- | M] () -- C:\Users\Maus\Desktop\Defogger.exe
[2012.08.07 09:25:16 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.08.07 08:44:17 | 000,003,584 | ---- | M] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.04 12:26:37 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.04 12:26:37 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.15 12:07:04 | 000,255,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.11 13:22:56 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@
[2012.08.11 11:08:54 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@
[2012.08.11 11:08:54 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@
[2012.08.08 21:27:17 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.08 21:00:10 | 000,000,000 | ---- | C] () -- C:\Users\Maus\defogger_reenable
[2012.08.08 20:58:13 | 000,050,477 | ---- | C] () -- C:\Users\Maus\Desktop\Defogger.exe
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.02 16:35:43 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:35:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.06.02 16:35:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.06.02 16:35:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.06.02 11:15:04 | 000,161,792 | ---- | C] () -- C:\Windows\regedit.exe
[2012.06.02 11:14:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2012.05.31 11:51:39 | 000,003,584 | ---- | C] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.28 19:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.28 18:39:29 | 000,025,472 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.28 18:39:11 | 000,025,218 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.05.28 18:39:10 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2012.05.28 18:34:16 | 000,000,732 | ---- | C] () -- C:\Users\Maus\AppData\Local\d3d9caps64.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org
[2012.08.11 11:50:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras.txt:
Code:
OTL Extras logfile created on: 11.08.2012 13:49:11 - Run 2
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Maus\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,64% Memory free
8,23 Gb Paging File | 6,35 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,83 Gb Free Space | 32,41% Space Free | Partition Type: NTFS
Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,82% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,11 Gb Free Space | 32,99% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 22,77 Gb Free Space | 46,63% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 39,55 Gb Free Space | 80,98% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 58,57 Gb Free Space | 74,97% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive K: | 78,13 Gb Total Space | 67,97 Gb Free Space | 86,99% Space Free | Partition Type: NTFS
Drive L: | 39,07 Gb Total Space | 16,91 Gb Free Space | 43,29% Space Free | Partition Type: NTFS
Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS
Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
 
Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_USERS\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "L:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "L:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "L:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "L:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9D C2 5A C1 A5 40 CD 01  [binary data]
"VistaSp2" = 61 F0 43 92 CF 40 CD 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"dm-Fotowelt" = dm-Fotowelt
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.07.2012 15:22:07 | Computer Name = Maus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul xlive.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode
 0xc0000138, Fehleroffset 0x0006f52f,  Prozess-ID 0x6fc, Anwendungsstartzeit 01cd59512305e817.
 
Error - 03.07.2012 15:22:39 | Computer Name = Maus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul xlive.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode
 0xc0000138, Fehleroffset 0x0006f52f,  Prozess-ID 0xf20, Anwendungsstartzeit 01cd595135b61617.
 
Error - 05.07.2012 09:42:22 | Computer Name = Maus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_3_300_262.exe, Version 
11.3.300.262, Zeitstempel 0x4fe20fae, fehlerhaftes Modul NPSWF32_11_3_300_262.dll,
 Version 11.3.300.262, Zeitstempel 0x4fe21212, Ausnahmecode 0xc0000005, Fehleroffset
 0x0066d2ff,  Prozess-ID 0x414, Anwendungsstartzeit 01cd5ab06224eb93.
 
Error - 06.07.2012 11:18:02 | Computer Name = Maus-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 06.07.2012 16:14:46 | Computer Name = Maus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung dm-Fotowelt.exe, Version 0.0.0.0, Zeitstempel
 0x4fbc8b1d, fehlerhaftes Modul QtGui4.dll, Version 4.7.1.0, Zeitstempel 0x4e5e511b,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0044c4e3,  Prozess-ID 0x1270, Anwendungsstartzeit
 01cd5bb2c2ffaf20.
 
Error - 03.08.2012 03:25:02 | Computer Name = Maus-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: d70  Anfangszeit: 01cd7142895c027c  Zeitpunkt der
 Beendigung: 31
 
Error - 07.08.2012 02:38:54 | Computer Name = Maus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.6.0, Zeitstempel 0x4bb3ad56,
 fehlerhaftes Modul xlive.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode
 0xc0000138, Fehleroffset 0x0006f52f,  Prozess-ID 0x1154, Anwendungsstartzeit 01cd74674ead6fd8.
 
Error - 07.08.2012 03:25:02 | Computer Name = Maus-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 07.08.2012 03:30:03 | Computer Name = Maus-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: f10  Anfangszeit: 01cd74664c50c808  Zeitpunkt der
 Beendigung: 16
 
Error - 08.08.2012 15:39:45 | Computer Name = Maus-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "F:\__TROJANER\Tools\esetsmartinstaller_enu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
[ System Events ]
Error - 10.08.2012 11:57:48 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 10.08.2012 13:18:40 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 10.08.2012 13:18:40 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 10.08.2012 13:18:40 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 11.08.2012 05:05:59 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 11.08.2012 05:05:59 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 11.08.2012 05:05:59 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 11.08.2012 07:20:03 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 11.08.2012 07:20:03 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 11.08.2012 07:20:03 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >
         
MBAM Quickscan:
Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Maus :: MAUS-PC [Administrator]

Schutz: Aktiviert

11.08.2012 14:01:01
quick_mbam-log-2012-08-11 (14-02-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 187276
Laufzeit: 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@ (RootKit.0Access.H) -> Keine Aktion durchgeführt.

(Ende)
         
MBAM Fullscan:

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Maus :: MAUS-PC [Administrator]

Schutz: Aktiviert

11.08.2012 14:03:48
fullscan_mbam-log-2012-08-11 (15-49-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 546221
Laufzeit: 56 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@ (RootKit.0Access.H) -> Keine Aktion durchgeführt.
G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000\$R2XFZGP.exe (PUP.BundleInstaller.DU) -> Keine Aktion durchgeführt.

(Ende)
         
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d8e22ba478565479d53ad3231b62efe
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-11 02:04:43
# local_time=2012-08-11 04:04:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 6468947 6468947 0 0
# compatibility_mode=5892 16776574 66 45 6063315 182217704 0 0
# compatibility_mode=8192 67108863 100 0 124 124 0 0
# scanned=3251
# found=0
# cleaned=0
# scan_time=85
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d8e22ba478565479d53ad3231b62efe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-11 04:35:01
# local_time=2012-08-11 06:35:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 6469193 6469193 0 0
# compatibility_mode=5892 16776574 66 45 6063561 182217950 0 0
# compatibility_mode=8192 67108863 100 0 370 370 0 0
# scanned=364216
# found=4
# cleaned=0
# scan_time=8857
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5ad13017-5e4c979f	a variant of Java/Exploit.CVE-2012-1723.AB trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@	Win64/Sirefef.AL trojan (unable to clean)	00000000000000000000000000000000	I
G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000\$R2XFZGP.exe	a variant of Win32/DownloadGuru application (unable to clean)	00000000000000000000000000000000	I
G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000\$RC18HX4.exe	Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
         
Many thanks in advance!

Regards,
Waterdragon

15.08.2012, 17:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I have caught the trojan AT/ATRAPS.GEN2. Avira pops up every few minutes, but neither quarantine nor removal does anything.
Fine, and where are the logs for that?

Information like that is not enough; please post the complete details/logs from the virus scanners.

If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

15.08.2012, 20:10   #3
Waterdragon

Hello,

in addition to the logs above, here is the log from Avira as well:

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 11. August 2012  11:04

Es wird nach 4086926 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows (TM) Vista Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MAUS-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1167    40870 Bytes  18.07.2012 19:07:00
AVSCAN.EXE     : 12.3.0.33     468472 Bytes  08.08.2012 17:14:35
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  02.05.2012 00:02:50
LUKE.DLL       : 12.3.0.15      68304 Bytes  01.05.2012 23:31:47
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  01.05.2012 22:13:36
AVREG.DLL      : 12.3.0.17     232200 Bytes  28.05.2012 17:09:39
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:12
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 23:31:36
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 10:43:53
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 15:43:43
VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 15:43:43
VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 15:43:43
VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 15:43:43
VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 15:43:43
VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 15:43:43
VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 15:43:43
VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 15:43:43
VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 15:43:43
VBASE014.VDF   : 7.11.38.18   2554880 Bytes  30.07.2012 09:48:06
VBASE015.VDF   : 7.11.38.70    556032 Bytes  31.07.2012 09:48:07
VBASE016.VDF   : 7.11.38.143   171008 Bytes  02.08.2012 12:59:02
VBASE017.VDF   : 7.11.38.221   178176 Bytes  06.08.2012 06:35:33
VBASE018.VDF   : 7.11.39.37    168448 Bytes  08.08.2012 17:14:33
VBASE019.VDF   : 7.11.39.89    131072 Bytes  09.08.2012 09:18:42
VBASE020.VDF   : 7.11.39.90      2048 Bytes  09.08.2012 09:18:42
VBASE021.VDF   : 7.11.39.91      2048 Bytes  09.08.2012 09:18:42
VBASE022.VDF   : 7.11.39.92      2048 Bytes  09.08.2012 09:18:42
VBASE023.VDF   : 7.11.39.93      2048 Bytes  09.08.2012 09:18:42
VBASE024.VDF   : 7.11.39.94      2048 Bytes  09.08.2012 09:18:42
VBASE025.VDF   : 7.11.39.95      2048 Bytes  09.08.2012 09:18:42
VBASE026.VDF   : 7.11.39.96      2048 Bytes  09.08.2012 09:18:42
VBASE027.VDF   : 7.11.39.97      2048 Bytes  09.08.2012 09:18:42
VBASE028.VDF   : 7.11.39.98      2048 Bytes  09.08.2012 09:18:42
VBASE029.VDF   : 7.11.39.99      2048 Bytes  09.08.2012 09:18:43
VBASE030.VDF   : 7.11.39.100     2048 Bytes  09.08.2012 09:18:43
VBASE031.VDF   : 7.11.39.120    51712 Bytes  10.08.2012 09:18:43
Engineversion  : 8.2.10.132
AEVDF.DLL      : 8.1.2.10      102772 Bytes  11.07.2012 06:31:23
AESCRIPT.DLL   : 8.1.4.42      459129 Bytes  10.08.2012 09:18:44
AESCN.DLL      : 8.1.8.2       131444 Bytes  16.02.2012 16:11:36
AESBX.DLL      : 8.2.5.12      606578 Bytes  25.06.2012 08:24:58
AERDL.DLL      : 8.1.9.15      639348 Bytes  20.01.2012 23:21:32
AEPACK.DLL     : 8.3.0.24      811381 Bytes  08.08.2012 17:14:34
AEOFFICE.DLL   : 8.1.2.42      201083 Bytes  20.07.2012 07:24:19
AEHEUR.DLL     : 8.1.4.86     5165429 Bytes  10.08.2012 09:18:44
AEHELP.DLL     : 8.1.23.2      258422 Bytes  28.06.2012 15:13:38
AEGEN.DLL      : 8.1.5.34      434548 Bytes  20.07.2012 07:24:14
AEEXP.DLL      : 8.1.0.74       86387 Bytes  03.08.2012 12:59:06
AEEMU.DLL      : 8.1.3.2       393587 Bytes  11.07.2012 06:31:22
AECORE.DLL     : 8.1.27.4      201078 Bytes  08.08.2012 17:14:34
AEBB.DLL       : 8.1.1.0        53618 Bytes  20.01.2012 23:21:28
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  01.05.2012 22:59:21
AVPREF.DLL     : 12.3.0.15      51920 Bytes  01.05.2012 22:44:31
AVREP.DLL      : 12.3.0.15     179208 Bytes  01.05.2012 22:13:35
AVARKT.DLL     : 12.3.0.15     211408 Bytes  01.05.2012 22:21:32
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  01.05.2012 22:28:49
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  16.04.2012 21:11:02
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 17:14:35
NETNT.DLL      : 12.3.0.15      17104 Bytes  01.05.2012 23:33:29
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 17:14:33
RCTEXT.DLL     : 12.3.0.31     100088 Bytes  08.08.2012 17:14:33

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5026201b\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +PFS,+SPR,

Beginn des Suchlaufs: Samstag, 11. August 2012  11:04

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Reader_sl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@'
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '550389f1.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@'
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d94a656.qua' verschoben!


Ende des Suchlaufs: Samstag, 11. August 2012  11:05
Benötigte Zeit: 00:08 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     14 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     12 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      2 Hinweise
         

Regards,
Marco

16.08.2012, 09:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Please always post log files in CODE tags

16.08.2012, 18:23   #5
Waterdragon

Hello,

here is the AdwCleaner log:
Code:
# AdwCleaner v1.801 - Logfile created 08/16/2012 at 19:21:57
# Updated 14/08/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Maus - MAUS-PC
# Boot Mode : Normal
# Running from : C:\Users\Maus\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Maus\AppData\Local\AskToolbar
Folder Found : C:\Users\Maus\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Maus\AppData\LocalLow\AskToolbar
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\AskToolbar
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Maus\AppData\Roaming\Mozilla\Firefox\Profiles\siytadi4.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[R1].txt - [6299 octets] - [16/08/2012 19:21:57]

########## EOF - C:\AdwCleaner[R1].txt - [6427 octets] ##########
         
Regards,
Marco


Alt 17.08.2012, 19:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Alt 18.08.2012, 17:27   #7
Waterdragon
 

Hello,

and here is the log after the Delete:

Code:
# AdwCleaner v1.801 - Logfile created 08/18/2012 at 18:23:06
# Updated 14/08/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Maus - MAUS-PC
# Boot Mode : Normal
# Running from : C:\Users\Maus\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Maus\AppData\Local\AskToolbar
Deleted on reboot : C:\Users\Maus\AppData\Local\Temp\AskSearch
Deleted on reboot : C:\Users\Maus\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Maus\AppData\Roaming\Mozilla\Firefox\Profiles\siytadi4.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[R1].txt - [6378 octets] - [16/08/2012 19:21:57]
AdwCleaner[S1].txt - [4447 octets] - [18/08/2012 18:23:06]

########## EOF - C:\AdwCleaner[S1].txt - [4575 octets] ##########
         
Regards,
Marco

Alt 20.08.2012, 16:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I have two questions before we continue

1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
Please always post logfiles in CODE tags

Alt 20.08.2012, 16:47   #9
Waterdragon
 

Windows runs without problems and nothing seems to be missing from the Start menu.

Regards,
Marco

Alt 21.08.2012, 11:55   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box at Scan All Users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here

Alt 21.08.2012, 16:00   #11
Waterdragon
 

Hello,

and here is the log of the OTL quick scan:

OTL Logfile:
Code:
OTL logfile created on: 21.08.2012 16:46:30 - Run 3
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Maus\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,93% Memory free
8,17 Gb Paging File | 6,63 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 10,89 Gb Free Space | 22,31% Space Free | Partition Type: NTFS
Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,82% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,11 Gb Free Space | 32,99% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 24,74 Gb Free Space | 50,66% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 39,50 Gb Free Space | 80,89% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 53,51 Gb Free Space | 68,49% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive K: | 78,13 Gb Total Space | 49,26 Gb Free Space | 63,05% Space Free | Partition Type: NTFS
Drive L: | 39,07 Gb Total Space | 16,21 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS
Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
 
Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Maus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (NMSAccess) -- I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\DRIVERS\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\DRIVERS\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 F3 C7 4D D7 7B CD 01  [binary data]
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.28 21:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Extensions
[2012.05.30 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Firefox\Profiles\siytadi4.default\extensions
[2012.06.08 10:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.20 14:56:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u7-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A81723-D152-4E12-A80E-717200C4D36F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.13 23:54:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:34:10 | 000,000,000 | ---D | M] - F:\Auto -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:33:03 | 000,001,582 | ---- | M] () - F:\Auto.md5 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.21 16:43:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.08.16 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\GHISLER
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.08.16 19:15:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.14 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\Western Digital
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2012.08.14 19:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012.08.14 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012.08.14 19:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DP Hash
[2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DP Hash
[2012.08.12 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.08.12 12:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.08.11 16:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.08 21:27:24 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Malwarebytes
[2012.08.08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.08 21:27:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.08 21:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.07 09:25:16 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.21 16:48:54 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.21 16:48:54 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.21 16:48:54 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.21 16:48:53 | 001,418,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.21 16:48:53 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.21 16:43:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.08.21 16:41:59 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 16:41:59 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 16:41:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.16 19:20:14 | 000,618,227 | ---- | M] () -- C:\Users\Maus\Desktop\adwcleaner.exe
[2012.08.08 21:00:10 | 000,000,000 | ---- | M] () -- C:\Users\Maus\defogger_reenable
[2012.08.07 09:25:16 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.08.07 08:44:17 | 000,003,584 | ---- | M] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.08.19 09:57:20 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@
[2012.08.19 09:57:19 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@
[2012.08.17 17:11:36 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@
[2012.08.16 19:21:00 | 000,618,227 | ---- | C] () -- C:\Users\Maus\Desktop\adwcleaner.exe
[2012.08.12 12:02:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.08.12 12:02:53 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2012.08.12 12:02:53 | 000,000,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.08.08 21:00:10 | 000,000,000 | ---- | C] () -- C:\Users\Maus\defogger_reenable
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.02 16:35:43 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:35:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.06.02 16:35:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.06.02 16:35:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.06.02 11:15:04 | 000,161,792 | ---- | C] () -- C:\Windows\regedit.exe
[2012.06.02 11:14:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2012.05.31 11:51:39 | 000,003,584 | ---- | C] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.28 19:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.28 18:39:29 | 000,025,472 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.28 18:39:11 | 000,025,218 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.05.28 18:39:10 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2012.05.28 18:34:16 | 000,000,732 | ---- | C] () -- C:\Users\Maus\AppData\Local\d3d9caps64.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF
[2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org
[2012.08.21 14:51:55 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.02 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Adobe
[2012.05.29 06:32:13 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\ATI
[2012.05.28 19:19:10 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Avira
[2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF
[2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.05.28 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Identities
[2012.05.28 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Macromedia
[2012.08.08 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Media Center Programs
[2012.08.14 20:23:42 | 000,000,000 | --SD | M] -- C:\Users\Maus\AppData\Roaming\Microsoft
[2012.05.28 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Mozilla
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org
[2012.07.02 21:52:22 | 000,000,000 | RH-D | M] -- C:\Users\Maus\AppData\Roaming\SecuROM
[2012.07.01 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 06:34:16 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.19 07:09:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 10:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 10:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<      >

< End of report >
--- --- ---
         
Regards,
Marco

30.08.2012, 11:26   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
Drive C: | 48,83 Gb Total Space | 10,89 Gb Free Space | 22,31% Space Free | Partition Type: NTFS
Drive D: |  2,87 Gb Total Space |  2,81 Gb Free Space | 97,82% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,11 Gb Free Space | 32,99% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 24,74 Gb Free Space | 50,66% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 39,50 Gb Free Space | 80,89% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space |  8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 53,51 Gb Free Space | 68,49% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive K: | 78,13 Gb Total Space | 49,26 Gb Free Space | 63,05% Space Free | Partition Type: NTFS
Drive L: | 39,07 Gb Total Space | 16,21 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS
Drive N: |  9,77 Gb Total Space |  1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
         

Are those really that many separate drives, or did you go a bit overboard with the partitioning?
__________________
Please always post log files in CODE tags

30.08.2012, 12:23   #13
Waterdragon

All partitions. One each for Vista, XP and Linux, and the rest separated "by topic". Though one or two fewer would have done just as well. Is that a problem, then?

30.08.2012, 19:30   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Well, I wouldn't have used so many splinter partitions.
One partition per operating system makes sense, but you say you have one for Linux? I only quoted NTFS partitions up there.

And as for the thematic separation, I possibly see some disadvantages too; instead of inflexible "static" partitions you could also have used several directories, that's what folders are for.
__________________
Please always post log files in CODE tags

02.09.2012, 18:04   #15
Waterdragon

Yes, there are ext2 and swap as well. The tool probably didn't detect or display them ...

Quote:
And as for the thematic separation, I possibly see some disadvantages too
What disadvantages are there?


How do we continue with the Trojan, or does the number of partitions get in the way?

Regards,
Waterdragon
