Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   ebenfalls "Ihr Windowssystem wurde aus Sicherheitsgründen blockiert" (https://www.trojaner-board.de/109930-ebenfalls-windowssystem-wurde-sicherheitsgruenden-blockiert.html)

DerMephisto 14.02.2012 19:33
ebenfalls "Ihr Windowssystem wurde aus Sicherheitsgründen blockiert"
 
Guten Abend!

Mich hat ebenfalls der wohl ziemlich verbreitete Trojaner mit der Meldung "Ihr Windowssystem wurde aus Sicherheitsgründen blockiert" und der 50€ Forderung erwischt. Ich benutze Windows 7.
Für Hilfe wäre ich sehr dankbar.

markusg 14.02.2012 19:49
hi,
neustart, f8 drücken, abgesicherter modus mit netzwerk wählen im infiziertem konto anmelden.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

DerMephisto 14.02.2012 20:20
Danke für die schnelle Antwort. Habe OTL ausgeführt und den Text dabei unten eingeführt. Leider finde ich nur eine otl.txt, siehe unten,aber keine extra.txt. Habe ich etwas falsch gemacht?

OTL Logfile:
Code:
OTL logfile created on: 14.02.2012 19:53:03 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Test
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 5,29 Gb Available Physical Memory | 89,51% Memory free
11,82 Gb Paging File | 11,23 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 531,62 Gb Free Space | 80,85% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 14,75 Gb Free Space | 38,83% Space Free | Partition Type: NTFS
Drive G: | 1,97 Gb Total Space | 1,95 Gb Free Space | 98,99% Space Free | Partition Type: FAT
 
Computer Name: JENSLAPTOP | User Name: Jens Goebler | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Test\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (GFNEXSrv) -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ASLDRService) -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) Intel(R) Centrino(R) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) Intel(R) Centrino(R) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fspad_wlh64) -- C:\Windows\SysNative\drivers\fspad_wlh64.sys (Sentelic Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (PEGAGFN) -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys (PEGATRON)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jens Goebler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.11 22:40:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.12 15:52:49 | 000,000,000 | ---D | M]
 
[2011.07.19 15:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens Goebler\AppData\Roaming\mozilla\Extensions
[2012.02.11 22:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens Goebler\AppData\Roaming\mozilla\Firefox\Profiles\hqse6gkh.default\extensions
[2012.02.11 22:40:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jens Goebler\AppData\Roaming\mozilla\Firefox\Profiles\hqse6gkh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.02.11 18:49:32 | 000,000,950 | ---- | M] () -- C:\Users\Jens Goebler\AppData\Roaming\Mozilla\Firefox\Profiles\hqse6gkh.default\searchplugins\icqplugin-1.xml
[2011.09.11 12:35:48 | 000,000,950 | ---- | M] () -- C:\Users\Jens Goebler\AppData\Roaming\Mozilla\Firefox\Profiles\hqse6gkh.default\searchplugins\icqplugin-2.xml
[2011.08.15 16:36:45 | 000,001,056 | ---- | M] () -- C:\Users\Jens Goebler\AppData\Roaming\Mozilla\Firefox\Profiles\hqse6gkh.default\searchplugins\icqplugin.xml
[2011.12.25 21:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.14 09:46:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.25 21:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.12.25 21:46:41 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
() (No name found) -- C:\USERS\JENS GOEBLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HQSE6GKH.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.02.11 22:40:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Skype Extension = C:\Users\Jens Goebler\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Jens Goebler\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B48483C1-9D0F-41C1-AA32-E95742AED389}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3A6E934-EC64-4C14-A3A4-BBF5EA01BBDC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.14 19:52:05 | 000,000,000 | ---D | C] -- C:\Test
[2012.02.14 19:37:00 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jens Goebler\Desktop\TDSSKiller.exe
[2012.02.14 19:37:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jens Goebler\Desktop\OTL.exe
[2012.02.14 19:36:59 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jens Goebler\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.13 13:33:14 | 000,000,000 | ---D | C] -- C:\1
[2012.02.13 12:23:12 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Roaming\Malwarebytes
[2012.02.13 12:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.13 12:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.13 12:23:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.13 12:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.13 11:56:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.12 19:44:21 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{B8FCFCAA-A919-4AB7-A6B6-C721184A4972}
[2012.02.12 19:44:10 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{D4E840F6-FC29-4141-957B-63A80674F581}
[2012.02.11 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{2688DFFE-A844-401A-899A-DEC200B4B447}
[2012.02.11 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{19002E7A-9D49-40A7-8C3C-363F58E57B98}
[2012.02.10 20:52:32 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{9A54E7EC-0B18-480C-942D-17E9002E437A}
[2012.02.10 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{15690E0C-7792-4209-92D4-BA7B3D3B0D18}
[2012.02.09 19:36:31 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{EF5C9A02-2E00-4173-94D6-5B48658154BF}
[2012.02.09 19:36:19 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{49C93187-3C1F-4573-B944-4A766FCEEF5F}
[2012.02.08 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{4C13CA6E-D943-4A36-B681-049777F430E8}
[2012.02.08 18:56:10 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{805AB646-CA0F-40B3-B29C-5E5F338D0E51}
[2012.02.07 19:51:32 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{94AD32B4-385F-4254-9A23-366DDDA1E786}
[2012.02.07 19:51:20 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{1C020B46-959F-4C15-BF46-2CBD26015209}
[2012.02.06 21:21:30 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{0531EDC8-8A50-4D81-AD8C-7295184E39D5}
[2012.02.06 21:21:17 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{7A2FE573-CD5A-4D91-893E-A688C1CB99A2}
[2012.02.05 17:08:17 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{B0EAD640-DBC1-465E-9AB8-239F561AB145}
[2012.02.05 17:08:05 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{FDC701D1-DAF0-4E43-9CD0-91027085AE0E}
[2012.02.04 23:59:25 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{F62A18E2-A1F9-42B1-89B5-67B799B6E9F5}
[2012.02.04 23:58:09 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{704BFB73-B681-4F49-80D9-CCDFD7EB528F}
[2012.02.04 11:29:53 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{0B408E28-39CD-4A0F-A5F6-06D407EFF80F}
[2012.02.04 11:29:41 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{DC63EB52-760D-403E-8003-26E7B632AF47}
[2012.02.03 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{B70B01DA-983D-4AEE-A689-DCB704DEDB59}
[2012.02.03 23:27:21 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{2FDB1BFB-14C6-460D-A95F-115990195834}
[2012.02.03 11:26:46 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{435DD551-B455-426E-99B7-97DD7601688E}
[2012.02.03 11:26:34 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{3C894875-F456-4714-9D5B-53C37D7D8287}
[2012.02.02 11:03:43 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{289F2205-9295-4BE6-BD4E-92142F20B2B7}
[2012.02.02 11:03:32 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{92A9CD06-7CA4-4BA2-8722-1015BFBAF20D}
[2012.02.01 23:03:02 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{EB61DF9D-156C-47D2-9F27-F9FCE1B98D6B}
[2012.02.01 23:02:50 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{9E34CC90-32A3-4999-894E-02B5B190D029}
[2012.02.01 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{2FF2C925-F479-4A8C-B05B-FBCC13E0B41E}
[2012.02.01 11:02:04 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{27685F09-49A3-491E-A57A-9D3DA246A405}
[2012.01.31 22:23:21 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{0E6E5587-DA28-4819-BAA4-04C5788207DF}
[2012.01.31 22:23:10 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{83A5B622-9064-4BCE-A6FD-3BB7BA2D22FA}
[2012.01.31 09:20:45 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{83A3AD44-70EE-4005-98C5-F4579876C336}
[2012.01.31 09:20:33 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{093F39B5-F7F3-42F3-98D6-6C6417B5E8B3}
[2012.01.30 21:01:28 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{F3FF94E8-120B-46E4-8916-D6BCFDC059EB}
[2012.01.30 21:01:16 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{BE9687CD-FB55-4FCD-9188-569101EC4D71}
[2012.01.29 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{48DEE0E7-78A4-4BBB-AC0E-54672A5671D0}
[2012.01.29 17:33:50 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{A762B8BC-19D6-428B-B9A1-1E74F6F6914B}
[2012.01.28 15:52:48 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{0962C84E-7382-4F35-80AB-FDED7C158A6A}
[2012.01.28 15:52:36 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{A03CDC59-76E5-483A-BCFA-EF9F2D6854D6}
[2012.01.27 21:17:30 | 000,000,000 | ---D | C] -- C:\Film
[2012.01.27 21:10:13 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{2C6998DE-D1BD-40F8-9732-8BBEA2F75803}
[2012.01.27 21:09:51 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{0C45BA8A-A8C8-4E9A-A241-90409AC2EB06}
[2012.01.27 13:26:19 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{8931E6FD-08C0-439D-924D-A555F6172E84}
[2012.01.26 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{D060DEB6-4113-4CF1-8D25-FE961FA14A70}
[2012.01.26 23:32:12 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{2745ECA0-2125-416F-B26E-014A11E38BEC}
[2012.01.26 11:27:49 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{46309B1C-F677-4173-8B7B-2AD9931FDD02}
[2012.01.26 11:27:37 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{99D1BB07-D4BE-4E45-A226-1707A8AD0AA1}
[2012.01.25 11:03:06 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{CFF11748-98CA-4D0A-A5FC-006666DF4A44}
[2012.01.25 11:02:54 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{0DDA3814-2BEF-48B6-86C8-B878BA3060E2}
[2012.01.24 14:42:18 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{99FAF150-58B8-46AB-A864-EBAAB993992A}
[2012.01.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{25A16793-18E6-423A-B77D-9CB75C565609}
[2012.01.23 14:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{B8F1D2CC-7CF5-4882-8F18-7365893BDFDC}
[2012.01.23 14:37:30 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{3711CF83-BE57-448D-BD50-989CE4E283AE}
[2012.01.22 23:20:21 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{9185D2B5-D07A-486F-A1F0-5D5A81BB6605}
[2012.01.22 23:20:10 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{F2BF0538-5DD5-44DF-8D60-D334C8F409B7}
[2012.01.22 11:08:44 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{2735C83F-EA98-431A-A0C1-21811A4C8C59}
[2012.01.22 11:08:31 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{AA75C1C1-48B0-4CD2-B211-26F6CDC23C37}
[2012.01.21 15:38:27 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{8D4A7838-8ACB-433F-B62F-E67ECFD141A2}
[2012.01.21 15:38:16 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{B9DD1A84-EC21-4F94-8E0B-02355953A2DF}
[2012.01.19 19:02:56 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{98EA2088-A59D-4873-8545-7EAD3EDD68AC}
[2012.01.19 19:02:42 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{2BEDF5CE-27E7-4DDE-A961-7E3A3DB7CE50}
[2012.01.18 20:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{C52DDCEA-6551-480E-A0D1-A46DE86B2873}
[2012.01.18 20:29:04 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{4C9774A9-8F2A-4E70-B927-3E3B6FDA0F54}
[2012.01.17 19:03:27 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{028FC705-2551-4BD0-9050-9ACD6AC33804}
[2012.01.17 19:03:03 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{70F4497B-3B06-42F4-B77C-5468A3F46263}
[2012.01.16 21:53:31 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{413BB68D-203F-4A6B-95CE-58329F0C31A4}
[2012.01.16 21:53:18 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{637B9E0D-027D-4F24-A8B8-E071AB75511C}
[2012.01.15 20:03:54 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{57354458-CD52-4E2B-9C66-B9932701403F}
[2012.01.15 20:03:41 | 000,000,000 | ---D | C] -- C:\Users\Jens Goebler\AppData\Local\{664CC97A-34CD-400C-9947-86B52F097060}
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.14 19:49:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.14 19:48:38 | 466,919,423 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.14 19:47:51 | 000,327,680 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.02.13 12:29:27 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.13 12:23:05 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 12:22:25 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.13 12:22:25 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.13 12:22:25 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.13 12:22:25 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.13 12:22:25 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.13 12:18:24 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jens Goebler\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.13 11:16:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jens Goebler\Desktop\OTL.exe
[2012.02.13 02:40:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.12 19:50:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 19:50:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 16:59:22 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jens Goebler\Desktop\TDSSKiller.exe
[2012.01.24 20:36:58 | 000,002,715 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.13 12:23:05 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.13 15:32:54 | 000,000,173 | ---- | C] () -- C:\Users\Jens Goebler\AppData\Local\msmathematics.qat.Jens Goebler
[2011.09.20 19:35:37 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.09.16 09:48:45 | 000,000,000 | ---- | C] () -- C:\Users\Jens Goebler\AppData\Local\{FA3A5B85-C669-493F-8796-51BCFD8E12AB}
[2011.08.15 22:26:29 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.24 15:32:13 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.06.24 15:32:12 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.06.19 14:00:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.19 14:00:53 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.19 14:00:51 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.21 06:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012.02.13 00:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\BSW
[2011.12.13 15:51:46 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\ChessBase
[2011.08.19 13:29:40 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\DAEMON Tools Lite
[2011.07.19 15:38:00 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2012.02.13 02:51:27 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\ICQ
[2011.08.05 21:50:35 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\OpenCandy
[2011.07.19 15:22:56 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\Protector Suite
[2011.12.25 23:56:44 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\SoftGrid Client
[2011.08.15 22:27:18 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\TP
[2011.09.21 13:30:18 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\TweakNow RegCleaner 2011
[2011.07.19 18:03:37 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\Ubisoft
[2012.01.07 00:21:23 | 000,000,000 | ---D | M] -- C:\Users\Jens Goebler\AppData\Roaming\Unity
[2012.01.28 15:51:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.07.19 15:20:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.02.13 13:33:22 | 000,000,000 | ---D | M] -- C:\1
[2011.07.19 15:12:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.12.13 15:51:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.01.31 00:24:30 | 000,000,000 | ---D | M] -- C:\downloads
[2012.02.14 19:41:53 | 000,000,000 | ---D | M] -- C:\Film
[2012.01.18 22:33:22 | 000,000,000 | ---D | M] -- C:\Fotos
[2011.06.24 15:45:15 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.27 21:47:08 | 000,000,000 | ---D | M] -- C:\MP3
[2011.08.25 13:42:14 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.12.15 19:15:59 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.13 12:23:03 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.02.13 12:23:04 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.07.19 15:12:38 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.05 19:34:09 | 000,000,000 | ---D | M] -- C:\Sonstiges
[2011.09.27 19:34:27 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.02.10 20:55:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.14 19:52:19 | 000,000,000 | ---D | M] -- C:\Test
[2011.07.19 15:20:13 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.13 11:37:13 | 000,000,000 | ---D | M] -- C:\Windows
[2011.08.19 17:28:11 | 000,000,000 | ---D | M] -- C:\zip
[2012.02.13 11:56:07 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.06.06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.12.15 19:42:38 | 000,000,255 | ---- | M] () -- C:\Users\Jens Goebler\.dsa4.properties
[2011.12.15 20:06:18 | 000,002,956 | ---- | M] () -- C:\Users\Jens Goebler\.heldEinstellungen4_1.xml
[2012.02.14 20:01:45 | 001,835,008 | -HS- | M] () -- C:\Users\Jens Goebler\NTUSER.DAT
[2012.02.14 20:01:45 | 000,262,144 | -HS- | M] () -- C:\Users\Jens Goebler\ntuser.dat.LOG1
[2011.07.19 15:20:16 | 000,000,000 | -HS- | M] () -- C:\Users\Jens Goebler\ntuser.dat.LOG2
[2011.07.19 16:04:12 | 000,065,536 | -HS- | M] () -- C:\Users\Jens Goebler\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.07.19 16:04:12 | 000,524,288 | -HS- | M] () -- C:\Users\Jens Goebler\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.07.19 16:04:12 | 000,524,288 | -HS- | M] () -- C:\Users\Jens Goebler\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.07.19 15:20:16 | 000,000,020 | -HS- | M] () -- C:\Users\Jens Goebler\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---

markusg 14.02.2012 21:21
hi


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [ffdwnd] C:\Users\Jens Goebler\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
 :Files
C:\Users\Jens Goebler\AppData\Local\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

DerMephisto 14.02.2012 21:50
Upload scheint erfolgreich gewesen zu sein.
Beim Start im normalen Modus sieht nun alles wieder normal aus.
Avira hat behauptet etwas gefunden zu haben. Crypt.ULPM.Gen hieß der Fund
Vielen Dank für die Hilfe.
Hier das logfile:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully.
C:\Users\Jens Goebler\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jens Goebler
->Flash cache emptied: 58140 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 56468 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jens Goebler
->Temp folder emptied: 87179269 bytes
->Temporary Internet Files folder emptied: 62994692 bytes
->Java cache emptied: 6663679 bytes
->FireFox cache emptied: 50244867 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50175440 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 2125 bytes

Total Files Cleaned = 246,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02142012_212900

Files\Folders moved on Reboot...
C:\Users\Jens Goebler\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP0000000159A931C72D8981F1 not found!

Registry entries deleted on Reboot...

markusg 15.02.2012 11:34
danke für den upload.
bis wir fertig sind, surfe nur auf von mir benannten seiten, sonst infizierst du dich erneut eventuell.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

DerMephisto 15.02.2012 12:42
Habe Combofix runtergeladen, auf den Desktop gepackt, Avira ausgeschaltet, keine aktiven Programme, dann combofix ausgeführt, hoffe das war so richtig. Danke für die Hilfe :-)
Anbei das Logfile:

Code:
ComboFix 12-02-13.01 - Jens Goebler 15.02.2012  12:28:05.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6055.4090 [GMT 1:00]
ausgeführt von:: c:\users\Jens Goebler\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\IsUn0407.exe
c:\windows\system32\ICON.ico
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-15 bis 2012-02-15  ))))))))))))))))))))))))))))))
.
.
2012-02-15 11:33 . 2012-02-15 11:33        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-02-15 11:33 . 2012-02-15 11:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-15 11:25 . 2012-02-15 11:25        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{12B623B4-23A8-4C71-B5AB-1CA1E35D1758}\offreg.dll
2012-02-15 11:19 . 2012-02-15 11:19        --------        d-----w-        c:\users\Jens Goebler\AppData\Local\Babylon
2012-02-15 11:19 . 2012-02-15 11:19        --------        d-----w-        c:\programdata\Babylon
2012-02-15 11:18 . 2012-02-15 11:18        --------        d-----w-        c:\users\Jens Goebler\AppData\Roaming\Babylon
2012-02-14 18:52 . 2012-02-14 19:06        --------        d-----w-        C:\Test
2012-02-13 12:33 . 2012-02-15 11:23        --------        d-----w-        C:\1
2012-02-13 11:23 . 2012-02-13 11:23        --------        d-----w-        c:\users\Jens Goebler\AppData\Roaming\Malwarebytes
2012-02-13 11:23 . 2012-02-13 11:23        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-13 11:23 . 2012-02-13 11:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-13 11:23 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-13 10:56 . 2012-02-15 11:23        --------        d-----w-        C:\_OTL
2012-02-10 19:56 . 2012-01-06 05:15        8602168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{12B623B4-23A8-4C71-B5AB-1CA1E35D1758}\mpengine.dll
2012-01-27 20:17 . 2012-02-14 18:41        --------        d-----w-        C:\Film
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-11 00:16 . 2011-10-18 09:24        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-11-24 04:52 . 2011-12-15 16:04        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 20:44        77312        ----a-w-        c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 20:44        67072        ----a-w-        c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-7-19 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19 136176]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19 136176]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2010-10-07 159752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-12 2214504]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19 14:14]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19 14:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-12-10 09:59        5267792        ----a-w-        c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-12-10 09:59        5267792        ----a-w-        c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-19 11817576]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-18 2209896]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-02-11 10361616]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-12-10 84816]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jens Goebler\AppData\Roaming\Mozilla\Firefox\Profiles\hqse6gkh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Dungeon Keeper II - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-15  12:37:00
ComboFix-quarantined-files.txt  2012-02-15 11:37
.
Vor Suchlauf: 17 Verzeichnis(se), 571.631.083.520 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 571.131.023.360 Bytes frei
.
- - End Of File - - 5DE522906AF6E7ACC00F50CB10F09CCF

markusg 15.02.2012 13:58
öffne malwarebytes, logdateien, poste alle berichte.

DerMephisto 15.02.2012 14:46
Logfiles von Malware, bitteschön. Danke für die schnelle Hilfe, darf man euch weiterempfehlen oder habt ihr schon viel zu viel zu tun? :-)

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jens Goebler :: JENSLAPTOP [Administrator]

Schutz: Deaktiviert

15.02.2012 14:28:10
mbam-log-2012-02-15 (14-28-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201001
Laufzeit: 3 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



2012/02/15 09:42:10 +0100 JENSLAPTOP Jens Goebler MESSAGE Starting protection
2012/02/15 09:42:12 +0100 JENSLAPTOP Jens Goebler MESSAGE Protection started successfully
2012/02/15 09:42:15 +0100 JENSLAPTOP Jens Goebler MESSAGE Starting IP protection
2012/02/15 09:42:16 +0100 JENSLAPTOP Jens Goebler MESSAGE IP Protection started successfully
2012/02/15 09:50:39 +0100 JENSLAPTOP Jens Goebler MESSAGE Executing scheduled update: Daily
2012/02/15 09:50:44 +0100 JENSLAPTOP Jens Goebler MESSAGE Scheduled update executed successfully: database updated from version v2012.02.14.05 to version v2012.02.15.01
2012/02/15 09:50:44 +0100 JENSLAPTOP Jens Goebler MESSAGE Starting database refresh
2012/02/15 09:50:44 +0100 JENSLAPTOP Jens Goebler MESSAGE Stopping IP protection
2012/02/15 09:51:12 +0100 JENSLAPTOP Jens Goebler MESSAGE IP Protection stopped
2012/02/15 09:51:14 +0100 JENSLAPTOP Jens Goebler MESSAGE Database refreshed successfully
2012/02/15 09:51:14 +0100 JENSLAPTOP Jens Goebler MESSAGE Starting IP protection
2012/02/15 09:51:14 +0100 JENSLAPTOP Jens Goebler MESSAGE IP Protection started successfully
2012/02/15 12:15:21 +0100 JENSLAPTOP Jens Goebler MESSAGE Starting protection
2012/02/15 12:15:23 +0100 JENSLAPTOP Jens Goebler MESSAGE Protection started successfully
2012/02/15 12:15:26 +0100 JENSLAPTOP Jens Goebler MESSAGE Starting IP protection
2012/02/15 12:15:27 +0100 JENSLAPTOP Jens Goebler MESSAGE IP Protection started successfully
2012/02/15 12:26:03 +0100 JENSLAPTOP Jens Goebler MESSAGE Stopping IP protection
2012/02/15 12:26:34 +0100 JENSLAPTOP Jens Goebler MESSAGE IP Protection stopped

markusg 15.02.2012 15:41
malwarebytes öffnen, aktualisierung, programm updaten, dann komplett scan, funde löschen, log posten

DerMephisto 15.02.2012 22:03
Fullscan nach Aktualisierung, gab keine Funde

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.15.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jens Goebler :: JENSLAPTOP [Administrator]

Schutz: Deaktiviert

15.02.2012 20:41:29
mbam-log-2012-02-15 (20-41-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 436951
Laufzeit: 1 Stunde(n), 16 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg 16.02.2012 12:56
klingt doch gut.
lade den CCleaner standard:
CCleaner Download - CCleaner 3.15.1643
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

DerMephisto 16.02.2012 14:35
Ich habe mal "notwendig" als "Programm wird von mir benutzt definiert, hoffe das war so gemeint. Ansonsten ist natürlich das meiste wo jetzt notwendig dransteht ersetzbar bzw vieles ist nicht essentiell. Falls es anders gemeint war überarbeite ich die Liste nochmal.
Sind leider viele Sachen bei die ich so spontan nicht zuordnen kann.
Das meiste unbenötigte sind vorinstallierte Programme bei denen ich nicht weiß, ob ich sie irgendwann benutzen will.
Danke für die Hilfe.

Code:
7-Zip 9.20                18.08.2011        notwendig       
Adobe AIR        Adobe Systems Incorporated        18.07.2011                2.7.0.19530 unbekannt
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        19.07.2011        6,00MB        10.3.181.26 notwendig
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        13.11.2011        6,00MB        11.1.102.55 notwendig
Adobe Reader X (10.1.2) MUI        Adobe Systems Incorporated        11.01.2012        512MB        10.1.2 notwendig
AMI VR-pulse OS Switcher        American Megatrends Inc.        18.06.2011        0,36MB        1.1  unbekannt
Ashampoo Burning Studio        Ashampoo GmbH & Co. KG        18.06.2011        135,1MB        10.0.10 unnötig
Ashampoo Photo Commander        Ashampoo GmbH & Co. KG        18.06.2011        154,9MB        9.2.0 unnötig
Ashampoo Photo Optimizer        Ashampoo GmbH & Co. KG        18.06.2011        57,6MB        4.0.0 unnötig
Ashampoo Snap        Ashampoo GmbH & Co. KG        18.06.2011        24,8MB        4.3.0 unnötig
Avira Free Antivirus        Avira        13.02.2012        104,9MB        12.0.0.883 notwendig
CCleaner        Piriform        15.02.2012                3.15 unbekannt
Corel Graphics - Windows Shell Extension        Corel Corporation        18.07.2011        2,93MB        15.1.0.588 notwendig
CorelDRAW Essentials X5        Corel Corporation        18.07.2011        3.655MB        15.1.0.588 notwendig
CorelDRAW Essentials X5 - Extra Content        Corel Corporation        18.07.2011        notwendig       
CyberLink LabelPrint        CyberLink Corp.        18.06.2011        57,4MB        2.5.3624 unnötig
CyberLink MediaEspresso        CyberLink Corp.        18.06.2011        159,0MB        6.5.1508_36229 unnötig
CyberLink MediaShow        CyberLink Corp.        18.06.2011        390MB        5.1.2414 unnötig
CyberLink PhotoNow        CyberLink Corp.        18.06.2011        21,8MB        1.1.0.6904 unnötig
CyberLink Power2Go        CyberLink Corp.        18.06.2011        233MB        7.0.0.1327 unnötig
CyberLink PowerDirector        CyberLink Corp.        18.06.2011        358MB        8.0.4020 unnötig
CyberLink PowerDVD 10        CyberLink Corp.        18.06.2011        188,7MB        10.0.2930.52 unnötig
CyberLink PowerDVD Copy        CyberLink Corp.        18.06.2011        31,0MB        1.5.1306 unnötig
CyberLink PowerProducer        CyberLink Corp.        18.06.2011        183,9MB        5.0.2.3503 unnötig
CyberLink YouCam        CyberLink Corp.        18.06.2011        135,8MB        3.1.4013 unnötig
Dolby Home Theater v4        Dolby Laboratories Inc        18.06.2011        28,1MB        7.2.7000.4 unnötig
Google Chrome        Google Inc.        18.07.2011                16.0.912.77 unnötig
Google Toolbar for Internet Explorer        Google Inc.        11.01.2012                7.2.2427.2330 unnötig
ICQ7.6        ICQ        13.09.2011                7.6 notwendig
Intel(R) Management Engine Components        Intel Corporation        19.06.2011                7.0.0.1144  unbekannt
Intel(R) Processor Graphics        Intel Corporation        24.06.2011                8.15.10.2418  unbekannt
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed        Intel Corporation        18.06.2011        5,82MB        1.1.0.0157  notwendig
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology        Intel Corporation        18.06.2011        88,7MB        1.0.2.0518 notwendig
Intel(R) PROSet/Wireless WiFi Software        Intel Corporation        18.06.2011        130,6MB        14.01.1000 notwendig
Intel(R) Rapid Storage Technology        Intel Corporation        19.06.2011                10.5.0.1026 unbekannt
Intel(R) WiDi        Intel Corporation        18.06.2011        139,9MB        2.1.39.0 unbekannt
Java(TM) 6 Update 26        Oracle        18.06.2011        97,1MB        6.0.260  unbekannt
Java(TM) 6 Update 26 (64-bit)        Oracle        18.06.2011        91,6MB        6.0.260  unbekannt
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        12.02.2012        17,4MB        1.60.1.1000  unbekannt
Medion Home Cinema        CyberLink Corp.        18.06.2011        36,7MB        8.0.2608 unnötig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        18.06.2011        38,8MB        4.0.30319  unbekannt
Microsoft Mathematics (64-Bit)        Microsoft Corporation        18.07.2011        20,2MB        4.0 notwendig
Microsoft Office 2010        Microsoft Corporation        18.06.2011        6,31MB        14.0.4763.1000 notwendig
Microsoft Office Klick-und-Los 2010        Microsoft Corporation        14.08.2011                14.0.4763.1000 notwendig
Microsoft Office Starter 2010 - Deutsch        Microsoft Corporation        14.08.2011                14.0.4763.1000 notwendig
Microsoft Silverlight        Microsoft Corporation        15.02.2012        100,2MB        4.1.10111.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        18.06.2011        1,70MB        3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        18.06.2011        0,25MB        8.0.50727.4053 unnötig
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        19.07.2011        0,29MB        8.0.59193 unnötig
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        11.01.2012        0,69MB        8.0.61000 unnötig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        18.06.2011        0,77MB        9.0.30729 unnötig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        19.07.2011        0,77MB        9.0.30729.6161 unnötig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        18.06.2011        0,58MB        9.0.30729 unnötig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        19.10.2011        0,22MB        9.0.30729.4148 unnötig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        19.07.2011        0,59MB        9.0.30729.6161 unnötig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        17.10.2011        12,3MB        10.0.40219 unnötig
Microsoft XNA Framework Redistributable 3.1        Microsoft Corporation        16.11.2011        7,55MB        3.1.10527.0 unbekannt
Mozilla Firefox 10.0.1 (x86 de)        Mozilla        10.02.2012        41,2MB        10.0.1 notwendig
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        18.06.2011        1,34MB        4.20.9876.0 unbekannt
NVIDIA Graphics Driver 275.48        NVIDIA Corporation        23.06.2011                275.48 notwendig
NVIDIA PhysX        NVIDIA Corporation        23.06.2011        78,9MB        9.10.0513 notwendig
PHotkey        Pegatron Corporation        18.06.2011                1.00.0032 unbekannt
PlayReady PC Runtime amd64        Microsoft Corporation        18.07.2011        2,06MB        1.3.0 unbekannt
Protector Suite 2011        UPEK Inc.        18.06.2011        100,3MB        5.9.4.6894 unbekannt
Realtek Ethernet Controller Driver        Realtek        18.06.2011                7.41.216.2011 notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        18.06.2011                6.0.1.6353 notwendig
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        18.06.2011                6.1.7600.30127 notwendig
Renesas Electronics USB 3.0 Host Controller Driver        Renesas Electronics Corporation        18.06.2011        1,22MB        2.1.16.0 unnötig
Skype Click to Call        Skype Technologies S.A.        13.10.2011        23,3MB        5.6.8442 notwendig
Skype™ 5.5        Skype Technologies S.A.        13.10.2011        33,6MB        5.5.124 notwendig
Steam        Valve Corporation        26.07.2011        42,3MB        1.0.0.0 notwendig
Synaptics Pointing Device Driver        Synaptics Incorporated        21.06.2011                15.0.4.0 unbekannt
Unity Web Player        Unity Technologies ApS        05.01.2012        12,0MB        unbekannt
VLC media player 1.1.11        VideoLAN        02.08.2011                1.1.11 notwendig
VR-pulse Installer        American Megatrends Inc.        18.06.2011        0,85MB        1.5.2.0 unbekannt
watchmi        Axel Springer Digital TV Guide GmbH        18.07.2011        1,74MB        2.5.0 unbekannt
Winamp        Nullsoft, Inc        04.08.2011                5.621 unnötig
Windows Live Essentials        Microsoft Corporation        19.06.2011                15.4.3538.0513 unnötig

markusg 16.02.2012 14:45
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Ashampoo : alle
CyberLink : alle
Dolby
Google : beide
Java: beide
Download der kostenlosen Java-Software
downloade java jre, instalieren.


deinstaliere:

deinstaliere:
Medion Home
Unity
watchmi
Winamp
Windows Live

öffne otl, bereinigen, neustart.
öffne ccleaner, analysieren, bereinigen, neustart, testen ob alles nach wunsch läuft

DerMephisto 16.02.2012 16:14
Herzlichen Dank!
Es sieht alles gut aus, ich nehme an damit wäre der Fall abgeschlossen? Tolle schnelle Hilfe, dankeschön.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:51 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131