mbam findet C:\Program Files (x86)\DVBViewer TE2\update.exe (Spyware.Zbot)

cosinus · 27.10.2012, 22:38

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

magnus65 · 28.10.2012, 09:46

So, da ich mir nicht sicher war, wie ich AVG korrekt abschalte, hab ich es deinstalliert und neu gestartet.
interessanterweise sagt combofix, das es trotzdem läuft.

Hier das log :

Code:

ATTFilter

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8183.6481 [GMT 1:00]
ausgeführt von:: c:\users\Uli\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\EXCEL.ico
c:\program files (x86)\Common Files\HHelp.ico
c:\program files (x86)\Common Files\VISIO.ico
c:\program files (x86)\Common Files\WINWORD.ico
c:\users\Uli\AppData\Roaming\Raax
c:\users\Uli\AppData\Roaming\Raax\vokudy.exe
c:\users\Uli\ia_remove.sh3001.tmp
c:\users\Uli\ia_remove.sh5329.tmp
c:\users\Uli\ia_remove.sh9180.tmp
c:\windows\msvcr71.dll
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\kWab.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-28 bis 2012-10-28  ))))))))))))))))))))))))))))))
.
.
2012-10-28 08:41 . 2012-10-28 08:41	--------	d-----w-	c:\users\Kate\AppData\Local\temp
2012-10-28 08:41 . 2012-10-28 08:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-28 08:41 . 2012-10-28 08:41	--------	d-----w-	c:\users\admin\AppData\Local\temp
2012-10-28 08:41 . 2012-10-28 08:41	--------	d-----w-	c:\users\uliadm\AppData\Local\temp
2012-10-27 12:23 . 2012-10-27 12:23	--------	d-----w-	c:\users\Uli\AppData\Local\Mozilla Firefox
2012-10-26 09:05 . 2012-10-17 00:31	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{11140E1C-5133-4A88-9FF3-71A21F03D02E}\mpengine.dll
2012-10-24 11:09 . 2012-10-24 11:22	--------	d-----w-	c:\users\testadm
2012-10-17 17:33 . 2012-10-17 17:33	--------	d-----w-	c:\users\Kate\AppData\Roaming\ATI
2012-10-17 17:33 . 2012-10-17 17:33	--------	d-----w-	c:\users\Kate\AppData\Local\ATI
2012-10-17 14:31 . 2012-10-17 14:31	--------	d-----w-	c:\users\Uli\AppData\Roaming\ATI
2012-10-17 14:31 . 2012-10-17 14:31	--------	d-----w-	c:\users\Uli\AppData\Local\ATI
2012-10-17 14:28 . 2006-10-13 06:18	18216	----a-w-	c:\windows\nvoclk64.sys
2012-10-17 14:28 . 2006-10-13 06:18	6912	----a-w-	c:\windows\nvoclock.sys
2012-10-17 14:28 . 2006-10-13 06:16	421888	----a-w-	c:\windows\nvsulib.dll
2012-10-17 14:28 . 2006-09-05 12:59	217088	----a-w-	c:\windows\NVGfxOgl.dll
2012-10-17 14:28 . 2006-06-01 15:22	53248	----a-w-	c:\windows\Nvgpio.dll
2012-10-17 14:27 . 2006-10-13 06:18	380928	----a-w-	c:\windows\ntuneoem.dll
2012-10-17 14:27 . 2006-10-13 06:13	1622016	----a-w-	c:\windows\NVBenchMarks.dll
2012-10-17 14:27 . 2006-10-13 06:12	28672	----a-w-	c:\windows\AutoTuneScript.dll
2012-10-17 14:27 . 2006-08-21 07:20	45056	----a-w-	c:\windows\NTuneGpu.dll
2012-10-17 14:27 . 2005-09-23 14:33	499712	----a-w-	c:\windows\msvcp71.dll
2012-10-17 14:27 . 2005-09-23 14:33	1060864	----a-w-	c:\windows\MFC71.dll
2012-10-17 14:14 . 2012-10-17 14:14	--------	d-----w-	c:\users\admin\AppData\Roaming\ATI
2012-10-17 14:14 . 2012-10-17 14:14	--------	d-----w-	c:\users\admin\AppData\Local\ATI
2012-10-17 14:14 . 2012-10-17 14:14	--------	d-----w-	c:\programdata\ATI
2012-10-17 14:14 . 2012-10-17 14:14	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2012-10-17 14:11 . 2009-08-23 08:02	120336	----a-w-	c:\windows\system32\drivers\AtiHdmi.sys
2012-10-17 14:02 . 2009-05-21 04:23	4178264	----a-w-	c:\windows\SysWow64\D3DX9_41.dll
2012-10-17 14:02 . 2009-03-18 13:00	32768	----a-w-	c:\windows\SysWow64\Auxiliary.dll
2012-10-17 14:00 . 2012-10-17 14:11	--------	d-----w-	c:\program files (x86)\Setup Files
2012-10-17 13:56 . 2012-10-17 13:56	--------	d-----w-	c:\users\Uli\AppData\Roaming\Tracker Software
2012-10-16 20:17 . 2012-10-16 20:18	--------	d-----w-	c:\users\Uli\AppData\Roaming\Research In Motion
2012-10-16 20:17 . 2012-10-16 20:17	--------	d-----w-	c:\users\Uli\AppData\Local\Research In Motion
2012-10-16 20:15 . 2011-07-20 11:58	44032	----a-w-	c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-10-16 20:15 . 2012-10-25 10:43	--------	d-----w-	c:\program files (x86)\Common Files\XCPCSync.OEM
2012-10-15 11:48 . 2012-10-15 11:48	--------	d-----w-	c:\programdata\Gigaset QuickSync
2012-10-15 11:47 . 2012-10-15 11:47	--------	d-----w-	c:\users\Uli\AppData\Local\Gigaset_Communications_Gm
2012-10-15 11:45 . 2012-10-15 11:45	--------	d-----w-	c:\program files (x86)\Gigaset QuickSync
2012-10-15 11:37 . 2012-10-15 11:37	--------	d-----w-	c:\users\Uli\AppData\Local\Shaw Computer
2012-10-15 11:37 . 2009-06-23 03:59	313856	----a-w-	c:\windows\SysWow64\SPort.dll
2012-10-15 11:37 . 2003-06-22 18:31	65536	----a-w-	c:\windows\SysWow64\vbalProgBar6.ocx
2012-10-15 11:37 . 2001-05-24 09:20	544256	----a-w-	c:\windows\SysWow64\janGraphics.dll
2012-10-15 11:37 . 1998-07-05 23:00	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-10-15 11:37 . 2012-10-15 11:37	--------	d-----w-	c:\program files (x86)\gTool
2012-10-15 11:37 . 2008-10-10 12:36	656200	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-10-15 11:37 . 2000-07-19 13:26	151552	----a-w-	c:\windows\SysWow64\ccrpFD6.ocx
2012-10-15 11:37 . 1998-07-06 00:00	33792	----a-w-	c:\windows\SysWow64\CMDLGDE.DLL
2012-10-15 11:37 . 1998-07-05 23:00	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-10-15 11:37 . 1998-07-05 23:00	14336	----a-w-	c:\windows\SysWow64\MSComDE.dll
2012-10-10 18:45 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-10 18:45 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-10 18:45 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 18:45 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 18:45 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 18:45 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 18:45 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 18:45 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-10 09:56 . 2012-10-10 09:56	--------	d-----w-	c:\program files\CPUID
2012-10-08 13:22 . 2012-08-21 11:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-08 13:21 . 2012-10-08 13:22	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-08 13:21 . 2012-10-08 13:22	--------	d-----w-	c:\program files\iTunes
2012-10-08 13:21 . 2012-10-08 13:22	--------	d-----w-	c:\program files (x86)\iTunes
2012-10-08 13:21 . 2012-10-08 13:21	--------	d-----w-	c:\program files\iPod
2012-10-08 11:39 . 2012-10-08 11:39	794112	----a-w-	c:\windows\system32\Gqstsp.tsp
2012-10-08 11:26 . 2012-10-08 11:26	495616	----a-w-	c:\windows\SysWow64\Gqstsp.tsp
2012-10-08 11:09 . 2012-10-08 11:09	54272	----a-w-	c:\windows\system32\drivers\GigasetGenericUSB_x64.sys
2012-09-30 22:37 . 2012-09-30 22:37	--------	d-----w-	c:\users\Kate\AppData\Roaming\AVG10
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 21:57 . 2010-03-20 19:08	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 09:29 . 2012-04-26 10:18	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 09:29 . 2011-06-10 06:23	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2011-08-04 20:39	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-16 18:01 . 2012-06-08 11:11	61440	----a-r-	c:\users\admin\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
2012-08-24 11:15 . 2012-09-22 09:52	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 09:52	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 09:52	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 09:52	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 09:52	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 09:52	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 09:52	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 09:52	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 09:52	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 09:52	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 09:52	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 09:52	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 09:52	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 09:52	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 09:52	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 09:52	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 09:52	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 09:52	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 09:52	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 09:52	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 09:52	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 09:52	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 09:38	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 09:38	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 09:38	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 09:38	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 15:06	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-21 11:01 . 2010-03-21 10:21	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2010-03-21 10:21	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 18:46	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 09:38	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 09:38	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-04-19 611712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-14 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=NFU3SEctWUxVVlUtRVMyRUctUUY3WEMtVkxDOVctUTRMWkc&inst=NzctNjIyNjE5MDcwLUJBUjlHKzEtRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0zKzEtRkwxMCsxLUNJUCsyLUREVCsxNzUxNS1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzE&prod=90&ver=10.0.1411" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2009-9-1 6407854]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Polar Daemon;Polar Daemon;c:\program files (x86)\Polar\Daemon\polard.exe [2012-08-17 413184]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-21 1038088]
R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys [2012-10-08 54272]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_0;NTIOLib_1_0_0;c:\program files (x86)\MSI\DirectOC\NTIOLib_X64.sys [2009-06-12 14136]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2009-10-05 14136]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7583v1B0\NTIOLib_X64.sys [2011-01-06 11888]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2008-09-08 15360]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-12-14 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 16384]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-04-19 288112]
R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-21 52856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET_AMD64.SYS [2010-03-20 615440]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 09:29]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394765569-1510172786-3570238692-1001Core.job
- c:\users\Uli\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 17:13]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394765569-1510172786-3570238692-1001UA.job
- c:\users\Uli\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 17:13]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://portal.computacenter.de/CACHE/sdesktop/install/binaries/instweb.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AutoStartNPSAgent - c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-28  09:44:15
ComboFix-quarantined-files.txt  2012-10-28 08:44
.
Vor Suchlauf: 21 Verzeichnis(se), 670.199.934.976 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 670.984.093.696 Bytes frei
.
- - End Of File - - F59F44E1303E30C51EADC99CFEA4235C

cosinus · 28.10.2012, 12:15

Zitat:

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

Wieso hast du zwei AVPs am laufen, das ist kontraproduktiv!

Bitte einen der beiden umgehend deinstallieren!

magnus65 · 28.10.2012, 14:05

AVG hatte ich schnmal entfernt, aber offensichtlich nicht vollständig.
Mit AVG remove ists zumindest nicht mehr in der Liste der installierten Programme.

Avira habe ich auch komplett deinstalliert.

Bin etwas ratlos warum beide angeblich noch laufen, in der Prozessliste kann ich sie auch nicht finden.

cosinus · 28.10.2012, 15:04

Probier mal den AVG Remover => AVG Tools-Download

magnus65 · 28.10.2012, 17:42

Schon versucht.
Regedit und Suche nach AVG oder AVIRA bringt kaum Ergebnisse, bei Autoruns steht auch nichts.

Hab jetzt unter Programme die AVG Ordner gelöscht und in der Registry die gefundenen Einträge rausgelöscht, bei Avira deinstalliert und ich finde auch kaum noch was.

Aber Avira ist angeblich trotzdem aktiv.

cosinus · 28.10.2012, 17:47

Zitat:

Schon versucht.

Und weiter?! Ergebnis?

magnus65 · 28.10.2012, 18:03

Anbei das Log mit den diversen Versuchen.

magnus65 · 29.10.2012, 08:11

So, Update, habe inzwischen Avast installiert , da trotz der Meldungen von Combofix kein Virenscanner aktiv ist.Anbei das Ergebnis des Scans.

cosinus · 29.10.2012, 08:17

Zitat:

Zitat von magnus65

So, Update, habe inzwischen Avast installiert , da trotz der Meldungen von Combofix kein Virenscanner aktiv ist.Anbei das Ergebnis des Scans.

Bitte was?!

Sind jetzt drei Virenscanner am werkeln?

magnus65 · 29.10.2012, 09:29

Zitat:

Zitat von cosinus

Bitte was?!

Sind jetzt drei Virenscanner am werkeln?

Nein, ich hatte doch oben geschrieben, das ich Avira und AVG deinstalliert habe.
Warum Combofix der Meinung ist, das Avira noch aktiv ist - keine Ahnung.
Das einzige , was ich noch finden kann, ist das TrayIcon von Avira

Durchsuchen der Registry nach Avira oder AVG bring keinen Treffer.

Habe jetzt Avast installiert um nicht ganz ohne Scanner dazustehen.

OTL weiss auch nur von Avast :

Code:

ATTFilter

OTL logfile created on: 29.10.2012 08:47:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uli\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,40% Memory free
15,98 Gb Paging File | 14,39 Gb Available in Paging File | 90,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 624,35 Gb Free Space | 67,03% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1032,68 Gb Free Space | 55,43% Space Free | Partition Type: NTFS
Drive K: | 14,90 Gb Total Space | 14,63 Gb Free Space | 98,22% Space Free | Partition Type: FAT32
 
Computer Name: GOLLUM | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.27 13:23:29 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Users\Uli\AppData\Local\Mozilla Firefox\firefox.exe
PRC - [2012.10.25 08:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uli\Desktop\OTL.exe
PRC - [2012.10.23 12:17:40 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.23 12:17:40 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2009.09.01 21:46:56 | 006,407,854 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.27 13:23:28 | 002,295,264 | ---- | M] () -- C:\Users\Uli\AppData\Local\Mozilla Firefox\mozjs.dll
MOD - [2009.09.01 21:46:56 | 006,407,854 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
MOD - [2009.09.01 21:40:36 | 001,167,312 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\XML.dll
MOD - [2009.09.01 21:40:36 | 000,892,928 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RBScript.dll
MOD - [2009.09.01 21:40:36 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CGamma.dll
MOD - [2009.09.01 21:40:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RegEx.dll
MOD - [2009.09.01 21:40:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Appearance Pak.dll
MOD - [2009.09.01 21:40:36 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CSensor.dll
MOD - [2009.09.01 21:40:36 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Shell.dll
MOD - [2009.09.01 21:40:36 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSRegistrationPlugin15968.dll
MOD - [2009.09.01 21:40:36 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin15968.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.03.03 05:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.24 18:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.23 12:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.09 10:29:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.06.24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.04.19 12:01:44 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010.03.21 02:20:07 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2010.03.21 02:19:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.23 12:18:31 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.23 12:18:31 | 000,364,096 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.23 12:18:31 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.23 12:18:30 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.23 12:18:30 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.10.08 12:09:34 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.04 12:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.06.23 09:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.19 11:55:30 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2010.03.21 01:48:19 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.21 00:22:21 | 000,615,440 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys -- (SKYNET)
DRV:64bit: - [2010.03.03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.03.03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.03 04:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.12.14 08:21:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009.08.23 09:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.09.08 17:26:20 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
DRV - [2010.04.19 11:55:30 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009.12.14 08:21:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 B5 CD 07 60 C8 CA 01  [binary data]
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 59 C7 E3 26 B5 CD 01  [binary data]
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1394765569-1510172786-3570238692-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.10.28 23:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 17:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 08:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.23 08:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.06.16 22:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2010.06.16 22:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\w315ohqn.default\extensions
[2012.10.28 17:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.24 18:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.26 11:20:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.10.24 18:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 18:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012.10.28 09:41:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1394765569-1510172786-3570238692-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1394765569-1510172786-3570238692-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1394765569-1510172786-3570238692-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\..Trusted Domains: computacenter.de ([ccportal] https in Trusted sites)
O15 - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\..Trusted Domains: computacenter.de ([ccwebapps1] https in Trusted sites)
O15 - HKU\S-1-5-21-1394765569-1510172786-3570238692-1001\..Trusted Domains: mycomputacenter.de ([www] https in Trusted sites)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://computacenter-meeting.webex.com/client/T27LC/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} https://portal.computacenter.de/CACHE/sdesktop/install/binaries/instweb.cab (CSD ActiveX Installer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B1D7A73-1D65-4711-8628-94DE26AF4F1A}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F054716-A4DB-4871-91AD-482C9EC79FF2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.28 22:52:07 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.28 22:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.10.28 22:52:06 | 000,364,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.28 22:52:00 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.28 22:52:00 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.10.28 22:51:56 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.28 22:51:51 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.28 22:51:51 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.28 22:51:36 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.28 22:51:36 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.28 22:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.10.28 22:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.10.28 18:14:32 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Macromedia
[2012.10.28 17:59:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.28 17:45:40 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\IrfanView
[2012.10.28 17:45:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.10.28 17:37:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.28 17:26:10 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012.10.28 17:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.28 16:56:39 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2012.10.28 14:33:49 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\IObit
[2012.10.28 09:13:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.28 09:13:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.28 09:13:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.28 09:11:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.28 09:11:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.27 20:38:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012.10.17 17:34:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.10.17 15:14:46 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\ATI
[2012.10.17 15:14:46 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ATI
[2012.10.17 15:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.17 15:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.17 15:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.17 15:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Files
[2012.10.16 21:15:51 | 000,044,032 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2012.10.16 21:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM
[2012.10.15 12:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Gigaset QuickSync
[2012.10.15 12:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigaset QuickSync
[2012.10.15 12:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gigaset QuickSync
[2012.10.15 12:37:41 | 000,313,856 | ---- | C] (ELTIMA Software) -- C:\Windows\SysWow64\SPort.dll
[2012.10.15 12:37:41 | 000,065,536 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalProgBar6.ocx
[2012.10.15 12:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gTool
[2012.10.15 12:37:40 | 000,151,552 | ---- | C] (Domenico Statuto - CCRP) -- C:\Windows\SysWow64\ccrpFD6.ocx
[2012.10.15 12:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gTool
[2012.10.10 10:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.10.10 10:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012.10.08 14:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.08 14:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.08 14:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.10.08 14:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.08 14:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.10.08 12:39:08 | 000,794,112 | ---- | C] (Gigaset Communications GmbH) -- C:\Windows\SysNative\Gqstsp.tsp
[2012.10.08 12:26:52 | 000,495,616 | ---- | C] (Gigaset Communications GmbH) -- C:\Windows\SysWow64\Gqstsp.tsp
[2012.10.08 12:09:34 | 000,054,272 | ---- | C] (Siemens Home and Office Communication Devices GmbH & Co. KG) -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.29 08:34:54 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 08:34:54 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 08:31:55 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.29 08:31:55 | 000,702,236 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.29 08:31:55 | 000,655,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.29 08:31:55 | 000,149,792 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.29 08:31:55 | 000,122,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.29 08:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.29 08:27:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.29 08:27:25 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.29 08:22:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2012.10.29 08:20:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1394765569-1510172786-3570238692-1001UA.job
[2012.10.28 23:16:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.10.28 22:52:07 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.10.28 20:20:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1394765569-1510172786-3570238692-1001Core.job
[2012.10.28 17:26:38 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012.10.28 17:24:02 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.28 15:58:49 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2012.10.28 09:41:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.25 20:14:58 | 000,000,512 | ---- | M] () -- C:\Users\admin\Desktop\MBR.dat
[2012.10.25 08:13:58 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2012.10.24 19:47:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.23 12:18:31 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.23 12:18:31 | 000,364,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.23 12:18:31 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.23 12:18:30 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.23 12:18:30 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.23 12:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.23 12:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.23 12:17:13 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.22 22:04:34 | 000,007,604 | ---- | M] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg
[2012.10.17 20:03:23 | 515,215,215 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.17 15:01:35 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\DirectOC.lnk
[2012.10.16 21:16:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012.10.16 21:15:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2012.10.15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.10.15 12:45:34 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Gigaset QuickSync.exe.lnk
[2012.10.10 10:56:37 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.10.09 13:47:46 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.2 64-Bit.lnk
[2012.10.08 14:22:40 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.08 12:39:08 | 000,794,112 | ---- | M] (Gigaset Communications GmbH) -- C:\Windows\SysNative\Gqstsp.tsp
[2012.10.08 12:26:52 | 000,495,616 | ---- | M] (Gigaset Communications GmbH) -- C:\Windows\SysWow64\Gqstsp.tsp
[2012.10.08 12:09:34 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys
[2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.28 22:52:07 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.10.28 22:51:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.10.28 17:24:02 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.28 17:24:02 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.28 09:13:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.28 09:13:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.28 09:13:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.28 09:13:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.28 09:13:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.25 20:13:38 | 000,000,512 | ---- | C] () -- C:\Users\admin\Desktop\MBR.dat
[2012.10.25 08:13:58 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012.10.17 17:34:10 | 515,215,215 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.17 15:02:10 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Auxiliary.dll
[2012.10.17 15:01:35 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\DirectOC.lnk
[2012.10.16 21:16:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012.10.16 21:15:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2012.10.15 12:45:34 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Gigaset QuickSync.exe.lnk
[2012.10.15 12:37:41 | 000,544,256 | ---- | C] () -- C:\Windows\SysWow64\janGraphics.dll
[2012.10.10 10:56:37 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.10.09 13:47:46 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.2 64-bit.lnk
[2012.10.09 13:47:46 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.2 64-Bit.lnk
[2012.10.08 14:22:40 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.07 20:32:02 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.16 18:59:52 | 000,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Digital Light
[2012.09.16 18:59:52 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Folder Actions Handlers
[2012.09.16 18:59:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2012.07.22 21:04:01 | 000,007,604 | ---- | C] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg
[2012.06.09 20:46:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\Cocoa
[2012.06.08 12:10:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Distortion
[2012.06.08 12:10:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Definition Bundle
[2012.06.08 12:10:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance Kit
[2012.06.08 12:10:09 | 000,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\CustomDataViews
[2012.06.08 12:10:09 | 000,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Contextual Menu Items
[2012.06.08 12:10:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Drums
[2012.06.08 12:03:50 | 000,000,000 | ---- | C] () -- C:\ProgramData\Core Data Application
[2012.06.08 12:03:38 | 000,000,000 | ---- | C] () -- C:\ProgramData\Database
[2012.06.08 12:03:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\Contents
[2011.01.28 12:25:00 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.07 11:51:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.17 09:02:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.08.17 09:02:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010.08.17 09:02:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.06.16 22:11:58 | 000,002,528 | ---- | C] () -- C:\Users\admin\AppData\Roaming\$_hpcst$.hpc
[2010.06.15 20:47:53 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.06.14 17:54:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
[2010.06.14 17:54:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.06.14 17:54:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Rock Kit
[2010.06.14 17:54:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Image Capture
[2010.06.14 17:54:44 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sample Delay
[2010.06.14 17:37:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.03.29 12:01:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.03.22 09:36:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.28 14:33:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IObit
[2012.10.28 17:45:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IrfanView
[2012.04.10 16:41:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Notepad++
[2010.06.16 22:13:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PC Suite
[2010.06.16 22:11:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Samsung
[2012.09.30 23:37:51 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\AVG10
[2010.10.28 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Canon
[2010.05.11 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\HdO Adventure
[2010.06.15 12:10:21 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\IrfanView
[2012.03.18 11:51:08 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1
[2012.09.17 21:30:13 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Manifesto Games
[2011.12.31 10:40:55 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Memeo
[2010.06.16 22:16:20 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\PC Suite
[2010.06.16 22:16:26 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Samsung
[2010.10.04 14:00:12 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Canneverbe Limited
[2011.01.11 10:25:29 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Canon
[2011.10.17 10:21:58 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.02 19:46:06 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\com.mcgraphix.KlokworkTeamConsole
[2011.02.01 20:54:22 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\DBDesigner4
[2010.04.04 13:29:21 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\DeepBurner
[2011.08.11 12:17:08 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\EAC
[2012.09.25 21:50:20 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\FileZilla
[2012.06.14 22:53:50 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\foobar2000
[2012.10.24 12:21:05 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\IrfanView
[2010.11.19 10:48:55 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\jpg-Illuminator
[2011.02.04 21:21:31 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1
[2012.09.13 20:03:18 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Manifesto Games
[2011.12.03 21:04:49 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Nik Software
[2010.08.18 09:20:56 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Nikon
[2012.04.10 17:21:42 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Notepad++
[2012.03.02 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Opwibah
[2010.06.16 22:24:57 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\PC Suite
[2011.05.28 08:05:32 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\PhotoLine
[2012.10.16 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Research In Motion
[2010.06.16 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Samsung
[2010.03.20 22:36:59 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Thunderbird
[2010.06.29 12:54:04 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\TomTom
[2012.10.17 14:56:06 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Tracker Software
[2010.11.03 16:10:33 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\TrueCrypt
[2012.08.30 09:16:56 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\webex
[2011.08.13 14:51:14 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\WindSolutions
[2012.08.16 12:34:49 | 000,000,000 | ---D | M] -- C:\Users\uliadm\AppData\Roaming\IrfanView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0908F1AC

< End of report >

cosinus · 29.10.2012, 13:20

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Seccenter::
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

magnus65 · 29.10.2012, 13:46

Anbei das Ergebnis, Combofix hat allerdings nicht nach einem neustart verlangt.

Code:

ATTFilter

ComboFix 12-10-29.01 - admin 29.10.2012  13:35:03.6.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8183.5923 [GMT 1:00]
ausgeführt von:: c:\users\Uli\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Uli\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-28 bis 2012-10-29  ))))))))))))))))))))))))))))))
.
.
2012-10-29 12:42 . 2012-10-29 12:42	--------	d-----w-	c:\users\uliadm\AppData\Local\temp
2012-10-29 12:42 . 2012-10-29 12:42	--------	d-----w-	c:\users\Kate\AppData\Local\temp
2012-10-29 12:42 . 2012-10-29 12:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-29 12:42 . 2012-10-29 12:42	--------	d-----w-	c:\users\admin\AppData\Local\temp
2012-10-28 21:52 . 2012-10-23 11:18	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-28 21:52 . 2012-10-23 11:18	364096	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-28 21:52 . 2012-10-23 11:18	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-28 21:52 . 2012-10-15 17:59	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-10-28 21:51 . 2012-10-23 11:18	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-28 21:51 . 2012-10-23 11:18	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-28 21:51 . 2012-10-23 11:17	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-28 21:51 . 2012-10-23 11:17	41224	----a-w-	c:\windows\avastSS.scr
2012-10-28 21:51 . 2012-10-23 11:17	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-10-28 21:51 . 2012-10-28 21:51	--------	d-----w-	c:\programdata\AVAST Software
2012-10-28 21:51 . 2012-10-28 21:51	--------	d-----w-	c:\program files\AVAST Software
2012-10-28 17:14 . 2012-10-28 17:14	--------	d-----w-	c:\users\admin\AppData\Local\Macromedia
2012-10-28 16:45 . 2012-10-28 16:45	--------	d-----w-	c:\users\admin\AppData\Roaming\IrfanView
2012-10-28 16:37 . 2012-10-29 12:42	--------	d-----w-	c:\users\Uli\AppData\Local\temp
2012-10-28 13:33 . 2012-10-28 13:33	--------	d-----w-	c:\users\admin\AppData\Roaming\IObit
2012-10-27 12:23 . 2012-10-27 12:23	--------	d-----w-	c:\users\Uli\AppData\Local\Mozilla Firefox
2012-10-26 09:05 . 2012-10-17 00:31	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{11140E1C-5133-4A88-9FF3-71A21F03D02E}\mpengine.dll
2012-10-24 11:09 . 2012-10-24 11:22	--------	d-----w-	c:\users\testadm
2012-10-17 17:33 . 2012-10-17 17:33	--------	d-----w-	c:\users\Kate\AppData\Roaming\ATI
2012-10-17 17:33 . 2012-10-17 17:33	--------	d-----w-	c:\users\Kate\AppData\Local\ATI
2012-10-17 14:31 . 2012-10-17 14:31	--------	d-----w-	c:\users\Uli\AppData\Roaming\ATI
2012-10-17 14:31 . 2012-10-17 14:31	--------	d-----w-	c:\users\Uli\AppData\Local\ATI
2012-10-17 14:14 . 2012-10-17 14:14	--------	d-----w-	c:\users\admin\AppData\Roaming\ATI
2012-10-17 14:14 . 2012-10-17 14:14	--------	d-----w-	c:\users\admin\AppData\Local\ATI
2012-10-17 14:14 . 2012-10-17 14:14	--------	d-----w-	c:\programdata\ATI
2012-10-17 14:14 . 2012-10-17 14:14	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2012-10-17 14:11 . 2009-08-23 08:02	120336	----a-w-	c:\windows\system32\drivers\AtiHdmi.sys
2012-10-17 14:02 . 2009-05-21 04:23	4178264	----a-w-	c:\windows\SysWow64\D3DX9_41.dll
2012-10-17 14:02 . 2009-03-18 13:00	32768	----a-w-	c:\windows\SysWow64\Auxiliary.dll
2012-10-17 14:00 . 2012-10-17 14:11	--------	d-----w-	c:\program files (x86)\Setup Files
2012-10-17 13:56 . 2012-10-17 13:56	--------	d-----w-	c:\users\Uli\AppData\Roaming\Tracker Software
2012-10-16 20:17 . 2012-10-16 20:18	--------	d-----w-	c:\users\Uli\AppData\Roaming\Research In Motion
2012-10-16 20:17 . 2012-10-16 20:17	--------	d-----w-	c:\users\Uli\AppData\Local\Research In Motion
2012-10-16 20:15 . 2011-07-20 11:58	44032	----a-w-	c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-10-16 20:15 . 2012-10-25 10:43	--------	d-----w-	c:\program files (x86)\Common Files\XCPCSync.OEM
2012-10-15 11:48 . 2012-10-15 11:48	--------	d-----w-	c:\programdata\Gigaset QuickSync
2012-10-15 11:47 . 2012-10-15 11:47	--------	d-----w-	c:\users\Uli\AppData\Local\Gigaset_Communications_Gm
2012-10-15 11:45 . 2012-10-15 11:45	--------	d-----w-	c:\program files (x86)\Gigaset QuickSync
2012-10-15 11:37 . 2012-10-15 11:37	--------	d-----w-	c:\users\Uli\AppData\Local\Shaw Computer
2012-10-15 11:37 . 2009-06-23 03:59	313856	----a-w-	c:\windows\SysWow64\SPort.dll
2012-10-15 11:37 . 2003-06-22 18:31	65536	----a-w-	c:\windows\SysWow64\vbalProgBar6.ocx
2012-10-15 11:37 . 2001-05-24 09:20	544256	----a-w-	c:\windows\SysWow64\janGraphics.dll
2012-10-15 11:37 . 1998-07-05 23:00	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-10-15 11:37 . 2012-10-15 11:37	--------	d-----w-	c:\program files (x86)\gTool
2012-10-15 11:37 . 2008-10-10 12:36	656200	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-10-15 11:37 . 2000-07-19 13:26	151552	----a-w-	c:\windows\SysWow64\ccrpFD6.ocx
2012-10-15 11:37 . 1998-07-06 00:00	33792	----a-w-	c:\windows\SysWow64\CMDLGDE.DLL
2012-10-15 11:37 . 1998-07-05 23:00	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-10-15 11:37 . 1998-07-05 23:00	14336	----a-w-	c:\windows\SysWow64\MSComDE.dll
2012-10-10 18:45 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-10 18:45 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-10 18:45 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 18:45 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 18:45 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 18:45 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 18:45 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 18:45 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-10 09:56 . 2012-10-10 09:56	--------	d-----w-	c:\program files\CPUID
2012-10-08 13:22 . 2012-08-21 11:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-08 13:21 . 2012-10-08 13:22	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-08 13:21 . 2012-10-08 13:22	--------	d-----w-	c:\program files\iTunes
2012-10-08 13:21 . 2012-10-08 13:22	--------	d-----w-	c:\program files (x86)\iTunes
2012-10-08 13:21 . 2012-10-08 13:21	--------	d-----w-	c:\program files\iPod
2012-10-08 11:39 . 2012-10-08 11:39	794112	----a-w-	c:\windows\system32\Gqstsp.tsp
2012-10-08 11:26 . 2012-10-08 11:26	495616	----a-w-	c:\windows\SysWow64\Gqstsp.tsp
2012-10-08 11:09 . 2012-10-08 11:09	54272	----a-w-	c:\windows\system32\drivers\GigasetGenericUSB_x64.sys
2012-09-30 22:37 . 2012-09-30 22:37	--------	d-----w-	c:\users\Kate\AppData\Roaming\AVG10
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 21:57 . 2010-03-20 19:08	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 09:29 . 2012-04-26 10:18	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 09:29 . 2011-06-10 06:23	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2011-08-04 20:39	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-16 18:01 . 2012-06-08 11:11	61440	----a-r-	c:\users\admin\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
2012-08-24 11:15 . 2012-09-22 09:52	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 09:52	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 09:52	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 09:52	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 09:52	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 09:52	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 09:52	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 09:52	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 09:52	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 09:52	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 09:52	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 09:52	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 09:52	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 09:52	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 09:52	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 09:52	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 09:52	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 09:52	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 09:52	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 09:52	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 09:52	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 09:52	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 09:38	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 09:38	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 09:38	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 09:38	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 15:06	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-21 11:01 . 2010-03-21 10:21	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2010-03-21 10:21	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 18:46	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 09:38	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 09:38	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-04-19 611712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2009-9-1 6407854]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-21 1038088]
R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys [2012-10-08 54272]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-24 115168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2008-09-08 15360]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-12-14 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 16384]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-04-19 288112]
R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R4 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-21 52856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-23 71600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET_AMD64.SYS [2010-03-20 615440]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 09:29]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394765569-1510172786-3570238692-1001Core.job
- c:\users\Uli\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 17:13]
.
2012-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394765569-1510172786-3570238692-1001UA.job
- c:\users\Uli\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 17:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 11:17	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://portal.computacenter.de/CACHE/sdesktop/install/binaries/instweb.cab
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\w315ohqn.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-29  13:44:13
ComboFix-quarantined-files.txt  2012-10-29 12:44
ComboFix2.txt  2012-10-28 16:37
ComboFix3.txt  2012-10-28 15:56
ComboFix4.txt  2012-10-28 12:23
ComboFix5.txt  2012-10-29 08:19
.
Vor Suchlauf: 25 Verzeichnis(se), 670.080.602.112 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 669.881.483.264 Bytes frei
.
- - End Of File - - 8F0CFBAC1F53312EBE1AD665C1758D83

cosinus · 29.10.2012, 14:26

Jetzt steht aber kein Avast bei dir im Kopf vom CF-Log

magnus65 · 29.10.2012, 14:45

Stimmt ;-)

Verstehen muss ich das ja nicht unbedingt, siehe Prozessliste

28.10.2012, 15:04	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$mbam findet C:\Program Files (x86)\DVBViewer TE2\update.exe (Spyware.Zbot) - Standard$ mbam findet C:\Program Files (x86)\DVBViewer TE2\update.exe (Spyware.Zbot) Probier mal den AVG Remover => AVG Tools-Download __________________ Logfiles bitte immer in CODE-Tags posten

29.10.2012, 14:26	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$mbam findet C:\Program Files (x86)\DVBViewer TE2\update.exe (Spyware.Zbot) - Standard$ mbam findet C:\Program Files (x86)\DVBViewer TE2\update.exe (Spyware.Zbot) Jetzt steht aber kein Avast bei dir im Kopf vom CF-Log __________________ Logfiles bitte immer in CODE-Tags posten

mbam findet C:\Program Files (x86)\DVBViewer TE2\update.exe (Spyware.Zbot)

Plagegeister aller Art und deren Bekämpfung: mbam findet C:\Program Files (x86)\DVBViewer TE2\update.exe (Spyware.Zbot)