Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malware nach Formatierung weg?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 01.12.2012, 18:36   #1
Nickola
 
Malware nach Formatierung weg? - Standard

Malware nach Formatierung weg?



Hallo!

Ich hatte ein Virenproblem und nun den PC wieder in den Auslieferungszustand zurücksetzen lassen. Hab OTL und Malwarebytes gleich drüber laufen lassen. Hier sind die Logs:

Malwarebytes
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ronny :: RONNY-HP [Administrator]

Schutz: Aktiviert

30.11.2012 18:04:08
mbam-log-2012-11-30 (18-04-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336204
Laufzeit: 27 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL:
Code:
ATTFilter
OTL logfile created on: 30.11.2012 17:25:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = H:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 4,42 Gb Available Physical Memory | 74,23% Memory free
11,90 Gb Paging File | 10,29 Gb Available in Paging File | 86,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,34 Gb Total Space | 413,41 Gb Free Space | 92,83% Space Free | Partition Type: NTFS
Drive D: | 16,26 Gb Total Space | 1,76 Gb Free Space | 10,85% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,32% Space Free | Partition Type: FAT32
Drive G: | 14,92 Gb Total Space | 8,28 Gb Free Space | 55,48% Space Free | Partition Type: FAT32
Drive H: | 7,45 Gb Total Space | 1,86 Gb Free Space | 24,97% Space Free | Partition Type: FAT32
 
Computer Name: RONNY-HP | User Name: Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.30 00:51:30 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.30 00:50:48 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.30 00:50:38 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.28 02:04:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2011.06.28 09:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011.06.15 16:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011.05.24 14:05:30 | 002,750,872 | ---- | M] (OrdinarySoft) -- C:\Program Files (x86)\Start Menu 7\StartMenu7.exe
PRC - [2011.05.21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.05.05 22:06:46 | 000,263,496 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011.05.05 22:06:28 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011.05.05 22:06:02 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011.04.29 23:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.29 23:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.04.08 11:01:16 | 000,586,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011.04.08 11:01:16 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.23 23:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.27 11:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.23 00:36:47 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e7e3902987fea327bf0cd6e25ef958c0\IAStorUtil.ni.dll
MOD - [2011.09.23 00:36:47 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\7087986a1294e20a2372a0c9a6ce1488\IAStorCommon.ni.dll
MOD - [2011.07.16 05:06:18 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.07.16 05:06:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.07.15 19:46:56 | 000,877,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2010.11.21 04:51:24 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll
MOD - [2010.11.21 04:49:18 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2010.11.21 04:49:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010.11.21 04:48:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010.11.21 04:48:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010.11.21 04:48:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010.11.21 04:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010.11.21 04:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010.11.21 04:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010.11.21 04:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.30 00:51:30 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.30 00:50:48 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.06.07 23:21:54 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.05.21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.05.05 22:06:46 | 000,263,496 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011.04.29 23:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.04.08 11:01:16 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.23 23:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.02.18 23:37:00 | 002,372,096 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.02.16 21:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2011.02.01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.10.11 01:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.30 00:51:46 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.30 00:51:45 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.16 05:16:26 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.16 05:16:26 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 03:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.06.07 23:21:58 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.05.10 18:57:26 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.05.10 18:57:04 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.04.26 10:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.19 10:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011.02.15 20:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.01.27 06:35:26 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.07.28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{3BC70585-04B1-4BF3-BD1B-E829876E5EDA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{3BC70585-04B1-4BF3-BD1B-E829876E5EDA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{3BC70585-04B1-4BF3-BD1B-E829876E5EDA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.30 17:05:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.30 17:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronny\AppData\Roaming\mozilla\Extensions
[2012.11.30 17:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.30 17:07:39 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [StartMenu7] C:\Program Files (x86)\Start Menu 7\StartMenu7.exe (OrdinarySoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03732BA0-7D4B-4E0D-ACEE-F1A5A4351E50}: DhcpNameServer = 40.22.1.201 40.22.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AB1C153-7CAC-4858-8174-F2D59F3061DA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.27 02:51:44 | 078,629,325 | ---- | M] () - H:\Auto.ea -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.30 23:28:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.11.30 17:21:02 | 000,000,000 | ---D | C] -- C:\Studium
[2012.11.30 17:05:41 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Mozilla
[2012.11.30 17:05:41 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\Mozilla
[2012.11.30 17:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.30 17:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.11.30 17:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.30 17:00:01 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Start Menu 7
[2012.11.30 16:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 7
[2012.11.30 16:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Start Menu 7
[2012.11.30 00:49:32 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Adobe
[2012.11.30 00:49:03 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Avira
[2012.11.30 00:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.30 00:44:14 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.30 00:44:14 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.30 00:44:14 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.11.30 00:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.30 00:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.11.30 00:43:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.30 00:37:23 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Intel Corporation
[2012.11.30 00:37:22 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\hpqLog
[2012.11.30 00:37:21 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Synaptics
[2012.11.30 00:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.11.30 00:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Searches
[2012.11.30 00:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.11.30 00:37:02 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Identities
[2012.11.30 00:36:56 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Contacts
[2012.11.30 00:36:07 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\RemEngine
[2012.11.30 00:34:45 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Hewlett-Packard
[2012.11.30 00:34:39 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\Hewlett-Packard
[2012.11.30 00:34:38 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\AuthenTec
[2012.11.30 00:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%COREALLUSERPATH%
[2012.11.30 00:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2012.11.30 00:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2012.11.30 00:34:19 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\Hewlett-Packard_Company
[2012.11.30 00:33:59 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\VirtualStore
[2012.11.30 00:33:56 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Symantec
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Vorlagen
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\AppData\Local\Verlauf
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\AppData\Local\Temporary Internet Files
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Startmenü
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\SendTo
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Recent
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Netzwerkumgebung
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Lokale Einstellungen
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Documents\Eigene Videos
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Documents\Eigene Musik
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Eigene Dateien
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Documents\Eigene Bilder
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Druckumgebung
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Cookies
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\AppData\Local\Anwendungsdaten
[2012.11.30 00:33:29 | 000,000,000 | -HSD | C] -- C:\Users\Ronny\Anwendungsdaten
[2012.11.30 00:33:28 | 000,000,000 | --SD | C] -- C:\Users\Ronny\AppData\Roaming\Microsoft
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Videos
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Saved Games
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Pictures
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Music
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Links
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Favorites
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Downloads
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Documents
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\Desktop
[2012.11.30 00:33:28 | 000,000,000 | R--D | C] -- C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.11.30 00:33:28 | 000,000,000 | -H-D | C] -- C:\Users\Ronny\AppData
[2012.11.30 00:33:28 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\Temp
[2012.11.30 00:33:28 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\Microsoft
[2012.11.30 00:33:28 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Media Center Programs
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.11.30 00:33:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.30 23:29:28 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.11.30 23:29:28 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.11.30 17:23:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.30 17:23:34 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.30 17:23:34 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.30 17:23:34 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.30 17:23:34 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.30 17:15:05 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.30 17:15:05 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.30 17:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.30 17:07:18 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.30 17:05:29 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.30 00:51:46 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.30 00:51:45 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.30 00:44:20 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.30 00:43:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.11.30 00:30:27 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
 
========== Files Created - No Company Name ==========
 
[2012.11.30 23:28:02 | 495,865,855 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.30 17:05:29 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.30 17:05:29 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.30 00:44:20 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.30 00:43:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.11.30 00:37:17 | 000,001,405 | ---- | C] () -- C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.11.30 00:37:13 | 000,001,439 | ---- | C] () -- C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.11.30 00:34:20 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Erleben Sie HP webOS.lnk
[2012.11.30 00:34:20 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Fotos.lnk
[2012.11.30 00:34:20 | 000,002,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
[2012.11.30 00:34:20 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011.09.23 00:38:42 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.09.23 00:32:25 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.07.15 19:46:03 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.06.10 03:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.13 06:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011.05.10 18:57:12 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.10 18:57:06 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.10 18:57:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.05.10 18:57:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.10 18:56:54 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.30 17:06:18 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Start Menu 7
[2012.11.30 00:37:21 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 

< End of report >
         
Extras OTL:
Code:
ATTFilter
OTL Extras logfile created on: 30.11.2012 17:25:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = H:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 4,42 Gb Available Physical Memory | 74,23% Memory free
11,90 Gb Paging File | 10,29 Gb Available in Paging File | 86,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,34 Gb Total Space | 413,41 Gb Free Space | 92,83% Space Free | Partition Type: NTFS
Drive D: | 16,26 Gb Total Space | 1,76 Gb Free Space | 10,85% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,32% Space Free | Partition Type: FAT32
Drive G: | 14,92 Gb Total Space | 8,28 Gb Free Space | 55,48% Space Free | Partition Type: FAT32
Drive H: | 7,45 Gb Total Space | 1,86 Gb Free Space | 24,97% Space Free | Partition Type: FAT32
 
Computer Name: RONNY-HP | User Name: Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17F7D6FB-27AB-40A1-929F-EF8FD517BFBC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A14D5F5-88D1-42DF-A40F-CE9CCBEB9027}" = lport=445 | protocol=6 | dir=in | app=system | 
"{350CC938-B496-4974-925B-C461B00B5401}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E4E8FFF-4C6D-48E9-9C2A-486AC5AFF22F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{44332B26-F36F-4B1D-AF7E-D7FF6DA0F438}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E22A286-B842-4AD3-83DA-5C844D8A411C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5E60A406-BE8F-43F1-B6D8-FD27E5C72860}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6431C94F-F3A2-48FC-B9E6-1C908D6D77B4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6AC97102-19B8-4D6A-867A-2FC050A4A90D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7500E2C8-7F4B-4D86-96CC-B48845B9A95F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{76A8357B-2FA3-4A1E-B2EF-A25DF1FC9557}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7BF01F5F-A0B5-4BEA-B633-6BA104A77518}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9CA58ED8-0E37-4561-A8B4-F410E64BEFF5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9E78FE6C-D46C-4510-8C4F-6564FE400A4D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AE83E2B3-7600-4138-8490-B90C9157EE8B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B13CBD55-0E13-4318-AB58-11845F69797D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B8A624F2-CB99-4713-9A28-AD05C0B3EE02}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF4607EA-054A-4AF6-9CB5-69F6697413E1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C4A2DABF-FBF1-4787-ABC3-D5438723E707}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DE0559A7-851A-4C7A-ACD1-13AA685425AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EABC8A0A-DE7A-4A7A-8B81-B71EBEB80432}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ED90839C-4A1A-4BCA-AF2F-73CEF18F7681}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F06AD0DF-0E36-496A-8043-0B1967FA059C}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D17EB02-460A-4B20-8387-7BCE9FD46090}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{15F93770-8E9F-4776-A950-E43CB54177DC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C545E73-E8C0-4CDF-B065-BA02BF594D31}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{335EDD01-5CF2-4564-A8DF-BD97D48C0CBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{386016D5-5282-43FC-9A34-C6812AEE515B}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
"{3DEBB804-A7F2-4F19-9884-A4D53D18F977}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5DB90BCE-88A3-40E0-9A7F-BE000A695511}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{846423A6-5E0C-49FE-8FF3-B9CFCBD372F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9BB947F4-4873-479D-8A47-A2F9A586FC38}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A8CC9544-A6D1-47F0-9917-EF185925C26D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B322C05E-F736-4AE7-AF2B-CC5F36951451}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{B452406A-E95D-4582-9AAC-13B86901A4F3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B9064957-67CF-44DA-A92B-C90C95652A1E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C73D51A9-D323-4FED-833D-66D3569E3704}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CC6C8918-D84B-453B-89E9-9ED0E5735D7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D4D709B2-46AC-4A8C-B6F1-D716600EC313}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D8B91B17-089D-41B2-B2FD-408EBD5732AD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F0F15BE4-4FCE-41E2-8E24-127B9AA8DBA9}" = protocol=6 | dir=out | app=system | 
"{F2E1A9AD-AD1A-4C4C-A63B-381C90DC21D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8B0423C-9153-47AD-9110-DD98F4F744F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F99AD369-2AFB-4E38-95B7-1039B1A262E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA4B5E88-2D14-4B50-8597-F86A34998A92}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FCA324D2-821E-4D56-BD36-A431309D00D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD341799-251F-4905-9FE2-2247B34F8CFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}" = HP SimplePass PE 2011
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}" = HP Quick Launch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B446137B-18A1-4FAE-B0E4-ABE8F09705F1}" = HP Software Framework
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE15C5EC-7C30-44BF-ACEB-03960FC5601D}" = HP Documentation
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"EasyBits Magic Desktop" = Magic Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Start Menu 7_is1" = Start Menu 7 3.88
"VIP Access SDK" = VIP Access SDK (1.0.1.2) 
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-005af271-c143-42fa-8974-58f7ee67917a" = Mah Jong Medley
"WTA-129bdf76-a0c9-4dce-ba02-c90317142feb" = Mystery of Mortlake Mansion
"WTA-140c8940-43ee-4237-a075-dbd2f5f9ac7e" = Chronicles of Albian
"WTA-1539e007-aca6-4ccc-aa47-dfc0dbe73469" = Slingo Deluxe
"WTA-202790ae-36ca-46e4-9c62-3e0a8ec8da10" = Farm Frenzy
"WTA-2392d1da-ebfd-4a23-8f6e-24122084c906" = Cradle of Rome 2
"WTA-4eaf005f-ef42-48df-83f8-e6e2c18d804d" = Agatha Christie - Peril at End House
"WTA-6d79f6c5-94ac-434a-896a-70a262f57885" = Cake Mania
"WTA-75a129e6-3d18-4e24-9198-edad03db57a1" = Bejeweled 3
"WTA-7e641ae8-9930-4497-a366-80fa6fae93b6" = Zuma Deluxe
"WTA-87e08b22-a9d3-4a1c-b1e0-547308059480" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-8cdc521f-1814-4469-a0c0-0c4ee3092449" = Plants vs. Zombies - Game of the Year
"WTA-a70f4aaa-e209-4855-adc6-ecbe426fb291" = Jewel Quest Solitaire
"WTA-ad36f2e7-3eb3-449c-863f-481e89978b6a" = FATE
"WTA-aee88314-5d63-454b-8e12-be6dfd78bab4" = Vacation Quest - The Hawaiian Islands
"WTA-d4819468-1ddf-4a7f-abeb-0d353a780e19" = Penguins!
"WTA-d5c296e2-ecaf-4011-983d-d5eb0264fa9e" = Polar Bowler
"WTA-dba1fe26-675e-4a18-8561-b8a52f1d2c02" = Virtual Villagers - The Secret City
"WTA-e58473be-a898-4b08-a9dc-ad2a2f34351d" = Blasterball 3
"WTA-eeacb5c5-3051-403e-a905-b2f07a5e64cf" = Bounce Symphony
"WTA-f3ef00d6-9d43-4dac-b514-c1e703bf9a4b" = Chuzzle Deluxe
"WTA-fc6ac1c3-5feb-4f02-8b0f-afa10d55e100" = Governor of Poker 2 Premium Edition
"WTA-fdb9e171-f605-483b-9e60-4b78b576aba3" = Namco All-Stars: PAC-MAN
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.11.2012 19:34:58 | Computer Name = Ronny-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.11.2012 19:36:31 | Computer Name = Ronny-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.11.2012 19:37:24 | Computer Name = Ronny-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWMISVC.exe, Version: 2.3.1.0, Zeitstempel:
 0x4d9e7ce7  Name des fehlerhaften Moduls: HPWMISVC.exe, Version: 2.3.1.0, Zeitstempel:
 0x4d9e7ce7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000016d1  ID des fehlerhaften Prozesses:
 0x34c  Startzeit der fehlerhaften Anwendung: 0x01cdcf4a2c5ea3aa  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
Berichtskennung:
 b9b03427-3a7d-11e2-b76a-ec9a743f04e1
 
Error - 29.11.2012 19:41:29 | Computer Name = Ronny-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.11.2012 19:50:56 | Computer Name = Ronny-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.11.2012 11:59:09 | Computer Name = Ronny-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.11.2012 12:07:44 | Computer Name = Ronny-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.11.2012 12:09:57 | Computer Name = Ronny-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 29.11.2012 19:37:25 | Computer Name = Ronny-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "HPWMISVC" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
 
< End of report >
         
Ist jetzt alles wieder sauber oder kann die Malware immer noch drauf sein?

Alt 03.12.2012, 16:47   #2
markusg
/// Malware-holic
 
Malware nach Formatierung weg? - Standard

Malware nach Formatierung weg?



sieht ok aus, sichere den PC ab.
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.74

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________

__________________

Antwort

Themen zu Malware nach Formatierung weg?
administrator, antivir, autorun, avira, bho, bingbar, desktop, error, explorer, fehler, firefox, flash player, format, helper, home, index, install.exe, launch, logfile, malware, mozilla, problem, realtek, registry, rundll, scan, security, services.exe, software, wildtangent games




Ähnliche Themen: Malware nach Formatierung weg?


  1. Daten nach formatierung retten...
    Alles rund um Windows - 19.09.2017 (19)
  2. Freeze / Bluescreen nach Formatierung
    Alles rund um Windows - 18.01.2014 (7)
  3. Nach Formatierung noch Malware vorhanden?
    Log-Analyse und Auswertung - 22.07.2013 (22)
  4. Pflichtprogramme nach Formatierung
    Antiviren-, Firewall- und andere Schutzprogramme - 19.06.2013 (10)
  5. Nach Formatierung kommt immer noch Avira Meldung> Virenmeldung Malware
    Plagegeister aller Art und deren Bekämpfung - 02.11.2012 (1)
  6. Odin.exe Trojaner nach Formatierung ?
    Plagegeister aller Art und deren Bekämpfung - 01.03.2012 (1)
  7. Netzwerkkartentreiber fehlt nach formatierung!
    Netzwerk und Hardware - 21.04.2011 (13)
  8. PC hängt trotz Formatierung und Anti-Viren/Malware Programmen
    Alles rund um Windows - 02.03.2011 (7)
  9. Starker Leistungseinbruch nach Formatierung
    Log-Analyse und Auswertung - 11.09.2010 (2)
  10. Ist mein Icq-Virus nach Formatierung weg?
    Plagegeister aller Art und deren Bekämpfung - 18.06.2010 (10)
  11. explorer.exe 100% CPU-Auslastung nach PC Formatierung
    Alles rund um Windows - 31.03.2010 (21)
  12. PC nach formatierung wieder infiziert
    Log-Analyse und Auswertung - 19.10.2009 (2)
  13. HijackThis Logfile nach Formatierung
    Log-Analyse und Auswertung - 20.12.2008 (0)
  14. virus? firewall down - nach formatierung !
    Plagegeister aller Art und deren Bekämpfung - 09.09.2006 (1)
  15. Trojaner nach Formatierung nicht weg, was tun?
    Plagegeister aller Art und deren Bekämpfung - 14.02.2006 (2)
  16. Böser Eintrag im HJT-Log nach Formatierung!
    Log-Analyse und Auswertung - 15.11.2005 (1)
  17. Hijacker nach Formatierung
    Log-Analyse und Auswertung - 30.09.2005 (2)

Zum Thema Malware nach Formatierung weg? - Hallo! Ich hatte ein Virenproblem und nun den PC wieder in den Auslieferungszustand zurücksetzen lassen. Hab OTL und Malwarebytes gleich drüber laufen lassen. Hier sind die Logs: Malwarebytes Code: Alles - Malware nach Formatierung weg?...
Archiv
Du betrachtest: Malware nach Formatierung weg? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.