spezifisches Problem mit dem Ukash Trojaner "Der Computer ist für die Verletzung der Gesezte der Bundesrepublik....

AMuc · 10.09.2012, 14:03

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=426ebaaa042d4741b18af6d51ec4ac15
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-10 12:58:09
# local_time=2012-09-10 02:58:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 41162 184807848 0 0
# compatibility_mode=8192 67108863 100 0 511 511 0 0
# scanned=180047
# found=2
# cleaned=2
# scan_time=6769
C:\downloads\.zip Win32/SoftonicDownloader application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\09042012_111433\C_Users\Susi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6a9baac3-1e1c7f77 Java/Exploit.CVE-2012-1723.BJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

t'john · 11.09.2012, 00:08

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

AMuc · 11.09.2012, 10:33

Ich hab die neueste Java Version extra entfernt, weil bei euch im Forum stand dass man sie entfernen soll, weil sie eine Menge Sicherheitslücken haben können?

t'john · 12.09.2012, 12:00

Richtig!

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

AMuc · 16.09.2012, 18:48

Hallo,
ich war gerade dabie die ganze Liste abzuarbeiten. Dafür hatte ich mir extra heute Zeit genommen. Ich war schon beim Defragementieren angekommen. (dauert noch ca 17 Stunden) und nun ist dieser verdammte Trojaner wieder da. Wie gehabt ist auf dem anderen Nutzer alles grau und blockiert.
Ich breche jetzt mal die Defrag ab.
So eine Sch....

Ich war jetzt mal so frei und hab einen Scan mit Malwarebytes gemacht.
Hier das log:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.09.16.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Aziz :: SUSI-PC [Administrator]

16.09.2012 19:58:32
mbam-log-2012-09-16 (20-17-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214919
Laufzeit: 17 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Susi\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\Users\Susi\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt.
C:\Users\Susi\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt.

(Ende)

und hier die log von otk:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.09.2012 21:04:47 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Aziz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,55% Memory free
4,23 Gb Paging File | 3,17 Gb Available in Paging File | 74,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 11,26 Gb Free Space | 4,83% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 17,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SUSI-PC | User Name: Aziz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.02 10:21:03 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Aziz\Desktop\OTL.exe
PRC - [2012.08.22 08:42:48 | 000,510,960 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
PRC - [2012.08.22 08:42:48 | 000,343,024 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.07.21 10:50:22 | 000,084,480 | ---- | M] (Steganos Software GmbH) -- C:\Program Files\Steganos Safe 12\SteganosHotKeyService.exe
PRC - [2011.07.21 10:48:42 | 000,017,408 | ---- | M] (Steganos Software GmbH) -- C:\Program Files\Steganos Safe 12\fredirstarter.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2010.12.03 11:18:08 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009.08.26 11:36:00 | 002,684,256 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009.08.18 18:12:00 | 000,546,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BtAssist.exe
PRC - [2009.08.01 05:06:24 | 000,155,648 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009.07.30 21:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009.06.19 19:31:38 | 000,651,264 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2009.06.08 14:34:00 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009.06.03 15:33:00 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.07.24 11:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2005.10.18 03:04:00 | 000,379,812 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanNetService.exe
PRC - [2005.06.23 20:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.22 08:42:48 | 000,510,960 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
MOD - [2011.11.11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.11.11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.11.11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.11.11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.11.11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009.08.01 05:06:24 | 000,155,648 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
MOD - [2006.11.02 11:46:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2002.06.17 15:33:54 | 000,032,768 | ---- | M] () -- C:\Program Files\Brockhaus Multimedia\Brockhaus multimedial\kapkey.dll
MOD - [2002.01.17 20:16:14 | 000,065,536 | ---- | M] () -- C:\Windows\System32\hookmod.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.02 15:41:29 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.22 08:42:48 | 000,343,024 | ---- | M] () [Auto | Running] -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010.12.03 11:18:08 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.07.30 21:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005.10.18 03:04:00 | 000,379,812 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.12 18:21:14 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.07.12 18:21:14 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.07.12 18:21:13 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.07.12 18:21:13 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.04.28 02:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120507.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.04.14 11:58:21 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120507.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.04.14 11:58:21 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120507.022\NAVENG.SYS -- (NAVENG)
DRV - [2012.04.03 01:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.02.04 06:25:50 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.02.04 06:25:50 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.01.18 14:30:30 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012.01.18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.05.11 15:36:33 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.04.21 03:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011.01.27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010.10.10 11:04:38 | 000,244,224 | ---- | M] (10Moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TridVid6010.sys -- (TridVid)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2009.10.19 05:26:06 | 000,474,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerAF35.sys -- (AVerAF35)
DRV - [2009.08.28 11:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009.08.05 14:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009.08.05 12:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009.07.28 20:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.24 11:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.06.19 09:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 09:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 11:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.03.31 12:55:32 | 000,596,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDXTTM6010.sys -- (UDXTTM6010)
DRV - [2008.03.31 12:55:31 | 000,023,584 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Cinergy_Hybrid_XE_HID.sys -- (TTHID)
DRV - [2008.01.19 07:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2007.02.22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007.02.22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.10.18 03:04:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2005.07.07 16:26:04 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)
DRV - [2005.07.07 16:26:00 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.07.07 16:25:58 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.07.07 16:25:52 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.07.07 16:25:50 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Der Such-Assistent von Internet Explorer 6 wird nicht länger unterstützt.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 79 0F 9F 32 94 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{CA6F2137-CD38-4210-B9E2-3FC49F1894EF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=f82067ab-4ce1-4333-a785-95a6296261ee&apn_sauid=D68069E9-9208-454F-AD72-7AA80D069EC0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012.02.10 08:15:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.23 02:40:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.23 02:40:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_9_4 [2012.09.16 20:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.13 13:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.16 17:36:13 | 000,000,000 | ---D | M]
 
[2012.09.03 18:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aziz\AppData\Roaming\mozilla\Extensions
[2012.09.03 18:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aziz\AppData\Roaming\mozilla\Firefox\Profiles\9hshjfio.default\extensions
[2012.08.13 13:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HFALoader] C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe (Hamster Soft)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SAFE12 File Redirection Starter] C:\Program Files\Steganos Safe 12\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SAFE12 HotKeys] C:\Program Files\Steganos Safe 12\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\microsoft shared\Reference 2001\EROProj.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{929E0CA3-D617-4B02-BEC7-6CCA557E7826}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\microsoft shared\Reference 2001\msero.dll ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.14 10:28:50 | 000,000,095 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{74478c2a-cc38-11e1-914a-a6fcf1d9db18}\Shell - "" = AutoRun
O33 - MountPoints2\{74478c2a-cc38-11e1-914a-a6fcf1d9db18}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 10:45:57 | 015,216,376 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.16 19:53:27 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Malwarebytes
[2012.09.16 19:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.16 19:53:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.16 19:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.16 18:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.09.16 17:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.09.16 17:35:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.14 00:45:08 | 000,739,472 | ---- | C] (Data Dynamics) -- C:\Windows\System32\sg20O.ocx
[2012.09.14 00:45:08 | 000,208,896 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\cbPrinter.dll
[2012.09.14 00:45:08 | 000,122,880 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\cbNet.dll
[2012.09.14 00:45:08 | 000,065,536 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\CBXML.dll
[2012.09.14 00:45:08 | 000,053,248 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\cbvCalendar.dll
[2012.09.14 00:45:08 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\SSubTmr6.dll
[2012.09.14 00:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wecker für Windows
[2012.09.14 00:45:07 | 000,057,344 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\cbSysHTrck.dll
[2012.09.14 00:45:07 | 000,040,960 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\CBDTPicker.dll
[2012.09.14 00:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Wecker6
[2012.09.14 00:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wecker 2.2
[2012.09.14 00:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Wecker 2.2
[2012.09.14 00:37:15 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2012.09.07 17:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.09.04 10:12:03 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Aziz\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.03 18:34:23 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Macromedia
[2012.09.03 18:33:37 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Mozilla
[2012.09.03 18:33:37 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Mozilla
[2012.09.02 13:25:16 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Nitro PDF
[2012.09.02 12:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.02 12:38:21 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.09.02 12:38:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.09.02 12:37:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.09.02 12:37:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.09.02 10:52:04 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Paint.NET
[2012.09.02 10:20:37 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Aziz\Desktop\OTL.exe
[2012.09.01 07:54:01 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Apple
[2012.08.31 04:05:56 | 000,000,000 | ---D | C] -- C:\Users\Aziz\DoctorWeb
[2012.08.31 03:35:55 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Adobe
[2012.08.30 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\HamsterSoft
[2012.08.30 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Leadertech
[2012.08.30 12:46:04 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\vlc
[2012.08.30 00:20:38 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\AVerMedia
[2012.08.29 21:58:24 | 000,000,000 | ---D | C] -- C:\Users\Aziz\Documents\AVerTV
[2012.08.29 21:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.08.29 21:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.08.29 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Macromedia
[2012.08.29 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Adobe
[2012.08.29 20:10:23 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Logitech® Webcam-Software
[2012.08.29 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.29 20:08:36 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Toshiba
[2012.08.29 20:08:24 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Steganos
[2012.08.29 20:08:22 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Scansoft
[2012.08.29 20:08:14 | 000,000,000 | R--D | C] -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.29 20:08:14 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Searches
[2012.08.29 20:08:14 | 000,000,000 | R--D | C] -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.29 20:08:05 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Identities
[2012.08.29 20:08:02 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Contacts
[2012.08.29 20:07:59 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\VirtualStore
[2012.08.29 20:03:25 | 000,000,000 | --SD | C] -- C:\Users\Aziz\AppData\Roaming\Microsoft
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Videos
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Saved Games
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Pictures
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Music
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Links
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Favorites
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Downloads
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Documents
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Desktop
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Vorlagen
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\AppData\Local\Verlauf
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\AppData\Local\Temporary Internet Files
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Startmenü
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\SendTo
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Recent
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Netzwerkumgebung
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Lokale Einstellungen
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Documents\Eigene Videos
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Documents\Eigene Musik
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Eigene Dateien
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Documents\Eigene Bilder
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Druckumgebung
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Cookies
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\AppData\Local\Anwendungsdaten
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Anwendungsdaten
[2012.08.29 20:03:25 | 000,000,000 | -H-D | C] -- C:\Users\Aziz\AppData
[2012.08.29 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Temp
[2012.08.29 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Microsoft Help
[2012.08.29 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Microsoft
[2012.08.29 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Media Center Programs
[2012.08.21 05:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.08.21 05:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.08.21 05:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2012.08.21 05:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.08.21 05:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.08.20 13:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.16 21:02:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.16 20:57:58 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 20:57:57 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 20:57:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.16 20:57:44 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.16 20:56:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.16 20:56:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.16 18:00:24 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.09.16 17:36:14 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012.09.16 16:58:05 | 000,288,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.16 14:02:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.09.16 00:19:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012.09.14 00:45:08 | 000,001,555 | ---- | M] () -- C:\Users\Aziz\Desktop\Wecker für Windows.lnk
[2012.09.10 13:03:53 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.10 13:03:53 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.10 13:03:53 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.10 13:03:53 | 000,004,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 22:07:42 | 000,057,586 | ---- | M] () -- C:\Users\Aziz\Documents\Ganzseitiges Foto.pdf
[2012.09.04 10:50:28 | 000,511,265 | ---- | M] () -- C:\Users\Aziz\Desktop\adwcleaner.exe
[2012.09.04 10:19:39 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Aziz\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.03 23:51:24 | 000,005,632 | ---- | M] () -- C:\Users\Aziz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.03 19:25:27 | 531,550,615 | ---- | M] () -- C:\Users\Aziz\Documents\0903185727DVB-T(RTL) Television.mpg
[2012.09.02 15:41:28 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.02 15:41:28 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.02 12:36:53 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.09.02 12:36:52 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.09.02 10:21:03 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Aziz\Desktop\OTL.exe
[2012.08.30 12:51:36 | 000,000,104 | ---- | M] () -- C:\Users\Aziz\Desktop\Computer - Verknüpfung.lnk
[2012.08.30 12:50:38 | 000,000,898 | ---- | M] () -- C:\Users\Aziz\Desktop\Windows Media Player.lnk
[2012.08.29 20:58:39 | 000,000,903 | ---- | M] () -- C:\Users\Aziz\Desktop\Launch Internet Explorer Browser.lnk
[2012.08.21 05:09:14 | 000,001,433 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.16 19:53:05 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.16 18:00:24 | 000,001,662 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.09.16 17:36:14 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012.09.16 17:36:13 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012.09.14 00:45:08 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx
[2012.09.14 00:45:08 | 000,001,555 | ---- | C] () -- C:\Users\Aziz\Desktop\Wecker für Windows.lnk
[2012.09.06 22:12:26 | 000,173,549 | ---- | C] () -- C:\Users\Aziz\Desktop\2010-Ford-Mustang-AV-X10-Front-Side-Picture.jpg
[2012.09.06 22:12:13 | 000,218,900 | ---- | C] () -- C:\Users\Aziz\Desktop\3068.jpg
[2012.09.06 22:07:41 | 000,057,586 | ---- | C] () -- C:\Users\Aziz\Documents\Ganzseitiges Foto.pdf
[2012.09.04 11:25:46 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.04 10:50:17 | 000,511,265 | ---- | C] () -- C:\Users\Aziz\Desktop\adwcleaner.exe
[2012.09.03 18:57:27 | 531,550,615 | ---- | C] () -- C:\Users\Aziz\Documents\0903185727DVB-T(RTL) Television.mpg
[2012.08.31 21:04:58 | 000,005,632 | ---- | C] () -- C:\Users\Aziz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.30 12:51:36 | 000,000,104 | ---- | C] () -- C:\Users\Aziz\Desktop\Computer - Verknüpfung.lnk
[2012.08.30 12:50:38 | 000,000,898 | ---- | C] () -- C:\Users\Aziz\Desktop\Windows Media Player.lnk
[2012.08.29 20:58:38 | 000,000,903 | ---- | C] () -- C:\Users\Aziz\Desktop\Launch Internet Explorer Browser.lnk
[2012.08.29 20:08:16 | 000,000,909 | ---- | C] () -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.29 20:08:13 | 000,000,904 | ---- | C] () -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.08.29 20:08:01 | 000,000,875 | ---- | C] () -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.08.21 05:09:14 | 000,001,433 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.08.20 23:01:44 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2011.08.20 23:01:44 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2011.08.20 23:01:34 | 000,598,016 | R--- | C] () -- C:\Windows\System32\sptlib21.dll
[2011.08.20 23:01:34 | 000,307,200 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2011.08.20 23:01:34 | 000,294,912 | R--- | C] () -- C:\Windows\System32\sptlib11.dll
[2011.08.20 23:01:34 | 000,290,816 | R--- | C] () -- C:\Windows\System32\sptlib22.dll
[2011.08.20 23:01:34 | 000,249,856 | R--- | C] () -- C:\Windows\System32\sptlib03.dll
[2011.08.20 23:01:34 | 000,225,280 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2011.08.20 23:01:34 | 000,135,168 | R--- | C] () -- C:\Windows\System32\sptlib12.dll
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.05.11 22:40:27 | 000,000,121 | ---- | C] () -- C:\Windows\disney.ini
[2011.02.22 22:43:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.02.22 16:49:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.22 16:49:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.10 21:43:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.07 02:03:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 16.09.2012 21:04:47 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Aziz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,55% Memory free
4,23 Gb Paging File | 3,17 Gb Available in Paging File | 74,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 11,26 Gb Free Space | 4,83% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 17,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SUSI-PC | User Name: Aziz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F082DF3-9F67-4D2A-A05C-6FFAF463EAA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BB121911-6A33-4B71-805E-F34DACF40B57}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26E011A8-EA45-4CB4-85E2-CA1674DDCD7F}" = protocol=6 | dir=in | app=c:\users\susi\appdata\local\temp\{1f651f08-005c-4a5b-a74a-26d392973ef6}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{44A5B598-C29B-45C2-98AB-E303E128AA3C}" = protocol=6 | dir=in | app=c:\users\susi\appdata\local\temp\{c5ca6e39-829b-4dec-86c9-1578ac7d33c1}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{47E9EB2B-1BEE-4803-B5FF-00E0942C3F54}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{66306EA9-48EE-4C4C-823C-D408EE795A8C}" = protocol=6 | dir=in | app=c:\users\susi\appdata\local\temp\{c22c3f57-5182-4e9d-acb5-15a76c5ae65a}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{8BFF7B1B-3FEB-4098-A151-A91414E11BE0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8E4D65A2-06EE-4FE0-BB16-9A27E99A76D5}" = protocol=17 | dir=in | app=c:\users\susi\appdata\local\temp\{c22c3f57-5182-4e9d-acb5-15a76c5ae65a}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{9BDD4358-53F1-46D7-B5D3-E14DDEF6750B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{9F7AE3E7-2F21-40F8-BE20-000D0221633C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B4B4978C-E404-4BC1-BE20-41585766756F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B9A91551-5B6E-4E49-BC30-1FBA030A489B}" = protocol=17 | dir=in | app=c:\users\susi\appdata\local\temp\{1f651f08-005c-4a5b-a74a-26d392973ef6}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{C232A471-4F3E-4450-A4D9-60235B663181}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C2C24A6A-3BD2-4CE9-B76C-A1FEF5B0A69A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CE68B517-21D3-40FA-AB2B-4647815DCA52}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D367C2D0-E3C1-4A52-8ABE-C57AB806D63C}" = protocol=17 | dir=in | app=c:\users\susi\appdata\local\temp\{c5ca6e39-829b-4dec-86c9-1578ac7d33c1}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"TCP Query User{BF7FF6AA-42D8-4315-BBC6-033805AC683D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3ED653E2-137F-4FD5-9EC6-1644DFA135B5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01008101-5D65-445A-B3B4-3DCE72BA0C6C}" = Microsoft Encarta Enzyklopädie PLUS 2001
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180" = Canon MP180
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C3DEAF-801D-4C3E-9826-E62EE16DB7AB}" = phase6_18
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE924D4-E4AB-4730-8367-0F2AEE9D7FE0}" = Samsung PC Studio 3
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8354A5-794D-4CA8-9125-21C9657454C3}" = capella studio + scan
"{4B7274EB-9D60-4655-8507-C910E63A9F02}" = Nitro PDF Reader
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}" = iTunes
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AC86ECA1-FA14-11D1-B4F6-00609781F44C}" = Der Brockhaus multimedial
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0D70EC6-E1CF-4EC3-BE09-FA75470D3902}" = Norton Security Scan
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{C9B59DAD-86AC-456C-80A7-B665E77AA325}" = SigmaTel MSCN Audio Player
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D9EB1AF1-5A27-49E7-B83B-D3AB9FF407DD}" = Steganos Safe 12
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFDC4005-E968-498D-93C8-CC148742167D}}_is1" = Wecker für Windows 6.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"aTube Catcher" = aTube Catcher
"AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner 8.0.0.43
"AVMWLANCLI" = AVM FRITZ!WLAN
"Canon MP180 Benutzerregistrierung" = Canon MP180 Benutzerregistrierung
"CCleaner" = CCleaner
"Das Telefonbuch. München 2012" = Das Telefonbuch. München 2012
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"FaceSwapper_is1" = FaceSwapper v1.0
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"FormatFactory" = FormatFactory 2.80
"Google Updater" = Google Updater
"Hamster Lite Archiver_is1" = Hamster Lite Archiver 2.0.0.16
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 3" = HyperCam 3
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"IPIX ActiveX Viewer" = IPIX ActiveX Viewer
"IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer
"IPIX Viewer" = IPIX Viewer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NIS" = Norton Internet Security
"NSSSetup.{B0D70EC6-E1CF-4EC3-BE09-FA75470D3902}" = Norton Security Scan (Symantec Corporation)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.0
"Picasa 3" = Picasa 3
"Recuva" = Recuva
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SimpleScreenshot" = SimpleScreenshot 1.40
"Sony Ericsson" = Sony Ericsson Software
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.8
"Wecker 2.2" = Wecker 2.2 2.2
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.0.5.6
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.09.2012 19:53:39 | Computer Name = Susi-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 07.09.2012 19:56:56 | Computer Name = Susi-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 11.09.2012 09:54:57 | Computer Name = Susi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SearchIndexer.exe, Version 7.0.6002.18005, Zeitstempel
 0x49e02459, fehlerhaftes Modul TQUERY.DLL, Version 7.0.6002.18005, Zeitstempel 
0x49e0382e, Ausnahmecode 0xc0000005, Fehleroffset 0x0007980a,  Prozess-ID 0x86c, Anwendungsstartzeit
 01cd9016dd5bc6f8.
 
Error - 15.09.2012 06:44:19 | Computer Name = Susi-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.09.2012 03:28:15 | Computer Name = Susi-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.09.2012 07:37:28 | Computer Name = Susi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
 0x4fecf1b7, fehlerhaftes Modul MSHTML.dll, Version 9.0.8112.16448, Zeitstempel 
0x4fecfb0e, Ausnahmecode 0xc0000005, Fehleroffset 0x002627f8,  Prozess-ID 0x1614, 
Anwendungsstartzeit 01cd93dfe4d9f568.
 
Error - 16.09.2012 11:33:52 | Computer Name = Susi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 16.09.2012 11:49:46 | Computer Name = Susi-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 16.09.2012 13:52:21 | Computer Name = Susi-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.59.1 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1a14  Anfangszeit: 01cd9433ccc08e23  Zeitpunkt der Beendigung:
 16
 
Error - 16.09.2012 14:56:20 | Computer Name = Susi-PC | Source = EventSystem | ID = 4621
Description = 
 
[ Media Center Events ]
Error - 21.06.2009 17:35:58 | Computer Name = Susi-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 16.01.2011 10:02:08 | Computer Name = Susi-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 15.02.2011 12:43:04 | Computer Name = Susi-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 20.02.2011 07:28:16 | Computer Name = Susi-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 24.02.2011 08:24:09 | Computer Name = Susi-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 06.04.2011 09:47:47 | Computer Name = Susi-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 08.04.2011 16:01:02 | Computer Name = Susi-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 19.04.2011 16:54:23 | Computer Name = Susi-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 23.04.2011 20:11:46 | Computer Name = Susi-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 08.06.2011 21:33:46 | Computer Name = Susi-PC | Source = ehRecvr | ID = 4
Description = 
 
[ System Events ]
Error - 16.09.2012 11:03:28 | Computer Name = Susi-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{CE9BD932-A2AB-47E7-BE99-92256CB36C60} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 16.09.2012 11:35:21 | Computer Name = Susi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 16.09.2012 11:35:21 | Computer Name = Susi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.09.2012 11:35:21 | Computer Name = Susi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.09.2012 13:31:37 | Computer Name = Susi-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht vergrößert werden kann.
 
Error - 16.09.2012 14:27:15 | Computer Name = Susi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.09.2012 14:27:56 | Computer Name = Susi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.09.2012 14:27:57 | Computer Name = Susi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.09.2012 14:36:35 | Computer Name = Susi-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{CE9BD932-A2AB-47E7-BE99-92256CB36C60} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 16.09.2012 15:00:51 | Computer Name = Susi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
 
< End of report >

--- --- ---

t'john · 18.09.2012, 02:02

Zitat:

[2012.09.02 12:38:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.09.02 12:37:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.09.02 12:37:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

Du hast Java doch nicht entfernt?

http://www.trojaner-board.de/123180-...tml#post912764

wozu nochmal bereinigen, wenn du eh das tust, was du willst?

AMuc · 18.09.2012, 18:33

ja keine Ahnung. du siehst doch dass ich alles so gemacht habe wie du es wolltest.
und. blätter doch mal eine seite zurück und schau was du mir unten vorgeschlagen hast dass ich abarbeiten soll. genau das hab ich gemacht und alles so aktualisiert wie es dort vorgeschlagen wurde. nach diesen downloads hatte ich den trojaner wieder. ich sagte doch, dass ich mich nicht so gut auskenne. mir ist es auch ein rätsel wie jetzt plötzlich doch das aktuelle drauf sein kann.

lg amuc

ich hab nochmal nachgedacht wie das sein kann, vor allem mit dem datum und bin darauf gekommen dass dieses java auf dem noch funktionierenden nutzer noch installiert ist. das log stammt demnach auch von diesem. ich habe den scan dort gemacht, weil ich davon ausging dass es keinen unterschied macht und der trojaner auch über diesen gefunden wird. beim infizierten benutzer jedoch dürtfe dieses java nicht mehr drauf sein.

t'john · 19.09.2012, 17:50

Werde bitte etwas konrekter und lasse dir nicht alles aus der Nase ziehen!

Ist das derselbe Rechner?

Warum hast du mitten beim Berenigen Java installiert?
Warum sagst du du haettest es deinstalliert und hast es denneoch nicht getan?

AMuc · 20.09.2012, 15:10

Das habe ich doch jetzt schon mehrmals gesagt!
Es ist der gleiche Rechner jedoch verschiedene Benutzer!
Der eine Benutzer ist durch den Trojaner blockiert, der andere den ich extra deshalb eröffnet habe funktioniert (noch) einwandfrei!
Ich habe das Java auf dem (wieder) vom Trojaner blockierten Benutzer entfernt, und dachte dass dies dann auch beim anderen (funktionierenden) Benutzer entfernt wird. Scheinbar ist dem nicht so...

Zitat:

Zitat von AMuc

ich hab nochmal nachgedacht wie das sein kann, vor allem mit dem datum und bin darauf gekommen dass dieses java auf dem noch funktionierenden nutzer noch installiert ist. das log stammt demnach auch von diesem. ich habe den scan dort gemacht, weil ich davon ausging dass es keinen unterschied macht und der trojaner auch über diesen gefunden wird. beim infizierten benutzer jedoch dürtfe dieses java nicht mehr drauf sein.

lg amuc

t'john · 21.09.2012, 19:39

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

AMuc · 22.09.2012, 08:59

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.09.2012 09:38:36 - Run 4
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Users\Aziz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,82% Memory free
4,23 Gb Paging File | 3,16 Gb Available in Paging File | 74,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 3,83 Gb Free Space | 1,65% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 17,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SUSI-PC | User Name: Aziz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.22 07:30:35 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Aziz\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.02 15:41:28 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012.08.22 08:42:48 | 000,510,960 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
PRC - [2012.08.22 08:42:48 | 000,343,024 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.07.21 10:50:22 | 000,084,480 | ---- | M] (Steganos Software GmbH) -- C:\Program Files\Steganos Safe 12\SteganosHotKeyService.exe
PRC - [2011.07.21 10:48:42 | 000,017,408 | ---- | M] (Steganos Software GmbH) -- C:\Program Files\Steganos Safe 12\fredirstarter.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2010.12.03 11:18:08 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009.08.26 11:36:00 | 002,684,256 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009.08.01 05:06:24 | 000,155,648 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009.07.30 21:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009.06.19 19:31:38 | 000,651,264 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2009.06.08 14:34:00 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009.06.03 15:33:00 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.07.24 11:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2005.10.18 03:04:00 | 000,379,812 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanNetService.exe
PRC - [2005.06.23 20:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.22 08:42:48 | 000,510,960 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
MOD - [2011.11.11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.11.11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.11.11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.11.11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.11.11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010.11.17 15:03:40 | 000,187,904 | ---- | M] () -- C:\Program Files\Steganos Safe 12\ShellExtension.dll
MOD - [2009.08.01 05:06:24 | 000,155,648 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006.11.02 11:46:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.21 10:33:26 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.22 08:42:48 | 000,343,024 | ---- | M] () [Auto | Running] -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010.12.03 11:18:08 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.07.30 21:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005.10.18 03:04:00 | 000,379,812 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.12 18:21:14 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.07.12 18:21:14 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.07.12 18:21:13 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.07.12 18:21:13 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.04.28 02:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120507.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.04.14 11:58:21 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120507.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.04.14 11:58:21 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120507.022\NAVENG.SYS -- (NAVENG)
DRV - [2012.04.03 01:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.02.04 06:25:50 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.02.04 06:25:50 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.01.18 14:30:30 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012.01.18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.05.11 15:36:33 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.04.21 03:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011.01.27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010.10.10 11:04:38 | 000,244,224 | ---- | M] (10Moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TridVid6010.sys -- (TridVid)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2009.10.19 05:26:06 | 000,474,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerAF35.sys -- (AVerAF35)
DRV - [2009.08.28 11:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009.08.05 14:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009.08.05 12:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009.07.28 20:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.24 11:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.06.19 09:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 09:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 11:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.03.31 12:55:32 | 000,596,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDXTTM6010.sys -- (UDXTTM6010)
DRV - [2008.03.31 12:55:31 | 000,023,584 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Cinergy_Hybrid_XE_HID.sys -- (TTHID)
DRV - [2008.01.19 07:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2007.02.22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007.02.22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.10.18 03:04:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2005.07.07 16:26:04 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)
DRV - [2005.07.07 16:26:00 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.07.07 16:25:58 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.07.07 16:25:52 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.07.07 16:25:50 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Der Such-Assistent von Internet Explorer 6 wird nicht länger unterstützt.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 79 0F 9F 32 94 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{CA6F2137-CD38-4210-B9E2-3FC49F1894EF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=f82067ab-4ce1-4333-a785-95a6296261ee&apn_sauid=D68069E9-9208-454F-AD72-7AA80D069EC0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012.02.10 08:15:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.23 02:40:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.23 02:40:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_9_4 [2012.09.22 07:07:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.13 13:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.16 17:36:13 | 000,000,000 | ---D | M]
 
[2012.09.03 18:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aziz\AppData\Roaming\mozilla\Extensions
[2012.09.03 18:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aziz\AppData\Roaming\mozilla\Firefox\Profiles\9hshjfio.default\extensions
[2012.08.13 13:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HFALoader] C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe (Hamster Soft)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SAFE12 File Redirection Starter] C:\Program Files\Steganos Safe 12\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SAFE12 HotKeys] C:\Program Files\Steganos Safe 12\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\microsoft shared\Reference 2001\EROProj.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{929E0CA3-D617-4B02-BEC7-6CCA557E7826}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\microsoft shared\Reference 2001\msero.dll ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.14 10:28:50 | 000,000,095 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{74478c2a-cc38-11e1-914a-a6fcf1d9db18}\Shell - "" = AutoRun
O33 - MountPoints2\{74478c2a-cc38-11e1-914a-a6fcf1d9db18}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 10:45:57 | 015,216,376 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files\avmwlanstick\WLanGUI.exe (AVM GmbH Berlin)
MsConfig - StartUpReg: Google Updater - hkey= - key= - C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.22 07:29:23 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Aziz\Desktop\OTL.exe
[2012.09.16 19:53:27 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Malwarebytes
[2012.09.16 19:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.16 19:53:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.16 19:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.16 18:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.09.16 17:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.09.16 17:35:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.14 00:45:08 | 000,739,472 | ---- | C] (Data Dynamics) -- C:\Windows\System32\sg20O.ocx
[2012.09.14 00:45:08 | 000,208,896 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\cbPrinter.dll
[2012.09.14 00:45:08 | 000,122,880 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\cbNet.dll
[2012.09.14 00:45:08 | 000,065,536 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\CBXML.dll
[2012.09.14 00:45:08 | 000,053,248 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\cbvCalendar.dll
[2012.09.14 00:45:08 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\SSubTmr6.dll
[2012.09.14 00:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wecker für Windows
[2012.09.14 00:45:07 | 000,057,344 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\cbSysHTrck.dll
[2012.09.14 00:45:07 | 000,040,960 | ---- | C] (Christoph Bünger Software) -- C:\Windows\System32\CBDTPicker.dll
[2012.09.14 00:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Wecker6
[2012.09.14 00:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wecker 2.2
[2012.09.14 00:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Wecker 2.2
[2012.09.14 00:37:15 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2012.09.07 17:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.09.04 10:12:03 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Aziz\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.03 18:34:23 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Macromedia
[2012.09.03 18:33:37 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Mozilla
[2012.09.03 18:33:37 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Mozilla
[2012.09.02 13:25:16 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Nitro PDF
[2012.09.02 12:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.02 10:52:04 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Paint.NET
[2012.09.01 07:54:01 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Apple
[2012.08.31 04:05:56 | 000,000,000 | ---D | C] -- C:\Users\Aziz\DoctorWeb
[2012.08.31 03:35:55 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Adobe
[2012.08.30 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\HamsterSoft
[2012.08.30 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Leadertech
[2012.08.30 12:46:04 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\vlc
[2012.08.30 00:20:38 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\AVerMedia
[2012.08.29 21:58:24 | 000,000,000 | ---D | C] -- C:\Users\Aziz\Documents\AVerTV
[2012.08.29 21:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.08.29 21:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.08.29 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Macromedia
[2012.08.29 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Adobe
[2012.08.29 20:10:23 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Logitech® Webcam-Software
[2012.08.29 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.29 20:08:36 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Toshiba
[2012.08.29 20:08:24 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Steganos
[2012.08.29 20:08:22 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Scansoft
[2012.08.29 20:08:14 | 000,000,000 | R--D | C] -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.29 20:08:14 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Searches
[2012.08.29 20:08:14 | 000,000,000 | R--D | C] -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.29 20:08:05 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Identities
[2012.08.29 20:08:02 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Contacts
[2012.08.29 20:07:59 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\VirtualStore
[2012.08.29 20:03:25 | 000,000,000 | --SD | C] -- C:\Users\Aziz\AppData\Roaming\Microsoft
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Videos
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Saved Games
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Pictures
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Music
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Links
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Favorites
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Downloads
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Documents
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\Desktop
[2012.08.29 20:03:25 | 000,000,000 | R--D | C] -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Vorlagen
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\AppData\Local\Verlauf
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\AppData\Local\Temporary Internet Files
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Startmenü
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\SendTo
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Recent
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Netzwerkumgebung
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Lokale Einstellungen
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Documents\Eigene Videos
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Documents\Eigene Musik
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Eigene Dateien
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Documents\Eigene Bilder
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Druckumgebung
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Cookies
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\AppData\Local\Anwendungsdaten
[2012.08.29 20:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Aziz\Anwendungsdaten
[2012.08.29 20:03:25 | 000,000,000 | -H-D | C] -- C:\Users\Aziz\AppData
[2012.08.29 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Temp
[2012.08.29 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Microsoft Help
[2012.08.29 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Local\Microsoft
[2012.08.29 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Aziz\AppData\Roaming\Media Center Programs
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.22 09:06:59 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 09:06:59 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 09:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.22 07:30:35 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Aziz\Desktop\OTL.exe
[2012.09.22 07:06:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.22 07:06:53 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.22 02:47:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.21 20:37:06 | 390,425,470 | ---- | M] () -- C:\Users\Aziz\Documents\0921201549DVB-Ttagesschau24.mpg
[2012.09.19 23:16:57 | 008,532,290 | ---- | M] () -- C:\Users\Aziz\Documents\0919231635DVB-TZDF.mpg
[2012.09.17 17:38:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.17 17:38:05 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.17 17:38:05 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.17 17:38:05 | 000,004,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 20:56:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.16 18:00:24 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.09.16 17:36:14 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012.09.16 16:58:05 | 000,288,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.16 14:02:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.09.16 00:19:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012.09.14 00:45:08 | 000,001,555 | ---- | M] () -- C:\Users\Aziz\Desktop\Wecker für Windows.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 22:07:42 | 000,057,586 | ---- | M] () -- C:\Users\Aziz\Documents\Ganzseitiges Foto.pdf
[2012.09.04 10:50:28 | 000,511,265 | ---- | M] () -- C:\Users\Aziz\Desktop\adwcleaner.exe
[2012.09.04 10:19:39 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Aziz\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.03 23:51:24 | 000,005,632 | ---- | M] () -- C:\Users\Aziz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.03 19:25:27 | 531,550,615 | ---- | M] () -- C:\Users\Aziz\Documents\0903185727DVB-T(RTL) Television.mpg
[2012.08.30 12:51:36 | 000,000,104 | ---- | M] () -- C:\Users\Aziz\Desktop\Computer - Verknüpfung.lnk
[2012.08.30 12:50:38 | 000,000,898 | ---- | M] () -- C:\Users\Aziz\Desktop\Windows Media Player.lnk
[2012.08.29 20:58:39 | 000,000,903 | ---- | M] () -- C:\Users\Aziz\Desktop\Launch Internet Explorer Browser.lnk
 
========== Files Created - No Company Name ==========
 
[2012.09.21 20:15:49 | 390,425,470 | ---- | C] () -- C:\Users\Aziz\Documents\0921201549DVB-Ttagesschau24.mpg
[2012.09.19 23:16:35 | 008,532,290 | ---- | C] () -- C:\Users\Aziz\Documents\0919231635DVB-TZDF.mpg
[2012.09.16 19:53:05 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.16 18:00:24 | 000,001,662 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.09.16 17:36:14 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012.09.16 17:36:13 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012.09.14 00:45:08 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx
[2012.09.14 00:45:08 | 000,001,555 | ---- | C] () -- C:\Users\Aziz\Desktop\Wecker für Windows.lnk
[2012.09.06 22:12:26 | 000,173,549 | ---- | C] () -- C:\Users\Aziz\Desktop\2010-Ford-Mustang-AV-X10-Front-Side-Picture.jpg
[2012.09.06 22:12:13 | 000,218,900 | ---- | C] () -- C:\Users\Aziz\Desktop\3068.jpg
[2012.09.06 22:07:41 | 000,057,586 | ---- | C] () -- C:\Users\Aziz\Documents\Ganzseitiges Foto.pdf
[2012.09.04 11:25:46 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.04 10:50:17 | 000,511,265 | ---- | C] () -- C:\Users\Aziz\Desktop\adwcleaner.exe
[2012.09.03 18:57:27 | 531,550,615 | ---- | C] () -- C:\Users\Aziz\Documents\0903185727DVB-T(RTL) Television.mpg
[2012.08.31 21:04:58 | 000,005,632 | ---- | C] () -- C:\Users\Aziz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.30 12:51:36 | 000,000,104 | ---- | C] () -- C:\Users\Aziz\Desktop\Computer - Verknüpfung.lnk
[2012.08.30 12:50:38 | 000,000,898 | ---- | C] () -- C:\Users\Aziz\Desktop\Windows Media Player.lnk
[2012.08.29 20:58:38 | 000,000,903 | ---- | C] () -- C:\Users\Aziz\Desktop\Launch Internet Explorer Browser.lnk
[2012.08.29 20:08:16 | 000,000,909 | ---- | C] () -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.29 20:08:13 | 000,000,904 | ---- | C] () -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.08.29 20:08:01 | 000,000,875 | ---- | C] () -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.08.20 23:01:44 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2011.08.20 23:01:44 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2011.08.20 23:01:34 | 000,598,016 | R--- | C] () -- C:\Windows\System32\sptlib21.dll
[2011.08.20 23:01:34 | 000,307,200 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2011.08.20 23:01:34 | 000,294,912 | R--- | C] () -- C:\Windows\System32\sptlib11.dll
[2011.08.20 23:01:34 | 000,290,816 | R--- | C] () -- C:\Windows\System32\sptlib22.dll
[2011.08.20 23:01:34 | 000,249,856 | R--- | C] () -- C:\Windows\System32\sptlib03.dll
[2011.08.20 23:01:34 | 000,225,280 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2011.08.20 23:01:34 | 000,135,168 | R--- | C] () -- C:\Windows\System32\sptlib12.dll
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.05.11 22:40:27 | 000,000,121 | ---- | C] () -- C:\Windows\disney.ini
[2011.02.22 22:43:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.02.22 16:49:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.22 16:49:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.10 21:43:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.07 02:03:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
 
========== ZeroAccess Check ==========
 
[2012.09.18 16:03:14 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\LocalLow\Microsoft\Silverlight\is\wgpmqtth.lrx\dg2r4g2w.f5e\1\l
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.09.22 09:19:47 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.30 20:19:40 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\HamsterSoft
[2012.08.30 17:16:59 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Leadertech
[2012.09.20 10:38:39 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Nitro PDF
[2012.08.29 20:08:24 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Steganos
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.05 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Adobe
[2012.09.22 09:19:47 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.30 20:19:40 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\HamsterSoft
[2012.08.29 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Identities
[2012.08.30 17:16:59 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Leadertech
[2012.08.29 20:59:55 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Macromedia
[2012.09.16 19:53:27 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Media Center Programs
[2012.09.04 10:25:13 | 000,000,000 | --SD | M] -- C:\Users\Aziz\AppData\Roaming\Microsoft
[2012.09.03 18:33:51 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Mozilla
[2012.09.20 10:38:39 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Nitro PDF
[2012.08.29 20:08:24 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\Steganos
[2012.08.30 12:49:46 | 000,000,000 | ---D | M] -- C:\Users\Aziz\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.06.07 03:28:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.06.07 03:28:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.06.07 03:28:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.04.13 10:48:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.04.13 10:48:14 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.06.19 17:06:06 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.06.19 17:06:06 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.06.19 17:06:03 | 000,580,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msfeeds.dll
 
< %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >
[2012.08.29 20:08:14 | 000,000,174 | -HS- | M] () -- C:\Users\Aziz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
 
< %APPDATA%\*AcroIEH*.* >
 
< %APPDATA%\*.exe >
 
< %APPDATA%\*.tmp >
 
<           >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,558 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.06.08 00:12:33 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2012.08.13 16:45:19 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >

--- --- ---

t'john · 22.09.2012, 20:19

Falsch.
Wenn du den Scan nochmal falsch durchfuhrst, brechen wir hier ab.
http://www.trojaner-board.de/123180-...tml#post920819

AMuc · 22.09.2012, 20:44

meinst du das war absicht oder was??
sag mal kannst du nicht einfach verstehen, dass ich ein totaler laie bin?
wenn ich profi wär müsst ich ja wohl nicht um die hilfe eines dritten oder um deine hilfe bitten;-)
also was soll das ständig.
sag mir doch einfach was falsch ist und ich mach es dann richtig.

----------------------------------------------------------------

so, habe nun einfach nochmal alles der reihe nach wie auf seite eins und zwei angeben gemacht. funktioniert nun wieder einwandfrei.

auch wenn ich manche anmerkungen von dir zwischendurch und auch zum schluß nicht mehr nachvollziehen konnte, so muss ich dennoch, und zwar ohne wenn und aber anerkennen, dass ich ohne deine hilfe keinen funktionierenden rechner mehr hätte und dass du dir eine menge arbeit gemacht hast. dafür möchte ich mich nochmals ganz herzlich bedanken und ich werde ich auf jedenfall auch was spenden!

lg amuc

t'john · 25.09.2012, 11:23

Es ist wichtig die Anleitungen zu befolgen.

In der Anleitung steht z.B.:

Zitat:

Setze oben mittig den Haken bei Scanne alle Benutzer

Das hat nichts mit Laie zutun

22.09.2012, 20:19	#27
t'john /// Helfer-Team	spezifisches Problem mit dem Ukash Trojaner "Der Computer ist für die Verletzung der Gesezte der Bundesrepublik.... Falsch. Wenn du den Scan nochmal falsch durchfuhrst, brechen wir hier ab. http://www.trojaner-board.de/123180-...tml#post920819 __________________ Mfg, t'john Das TB unterstützen

spezifisches Problem mit dem Ukash Trojaner "Der Computer ist für die Verletzung der Gesezte der Bundesrepublik....

Log-Analyse und Auswertung: spezifisches Problem mit dem Ukash Trojaner "Der Computer ist für die Verletzung der Gesezte der Bundesrepublik....