ihavenet.com II

Pingo · 14.12.2012, 08:20

Hallo zusammen,

ich halte mich einfach mal an die erste Regel und erstelle zu meinem Problem ein eigenes Topic.

Suchanfragen bei Google werden auf andere Seiten weitergeleitet, egal ob IE oder Firefox.

OS ist Win7 Prof, als Virenschutz ist die aktuelle Symantec Endpoint Protection installiert.

Bevor ich hier die Anleitungen im Board gefunden hatte, habe ich bereits mit Malwarebytes und Spybot einen Scan durchlaufen lassen, ohne Erfolg.

Mag mich jemand von Euch zum Freitag durch das Problem leiten?

Vielen Dank

markusg · 14.12.2012, 13:14

Hi
gabs funde bei Malwarebytes bzw Spybot?
falls ja, posten.
http://www.trojaner-board.de/125889-...en-posten.html
dann:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Pingo · 15.12.2012, 17:16

Hi,

danke für die Rückmeldung, ich komme leider erst Montag an das betroffene System.

Melde mich dann mit den entsprechenden Log-Dateien.

Schönes Wochenende noch!

markusg · 15.12.2012, 18:48

Dir auch :-)

Pingo · 17.12.2012, 10:30

Hallo, nun zu den Logs:

1) Malwarebytes und Spybot S&D haben nichts interessantes gefunden, habe leider keine Logs mehr. Wenn gewünscht, liefer ich diese aber gerne nach.

2) OTL:

Ich habe den Benutzernamen durch "Benutzer" ersetzt, da er einen relativ eindeutigen Klarnamen enthält.

Eine extra.txt habe ich nicht gefunden.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.12.2012 10:05:17 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benutzer\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,90 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 43,50% Memory free
3,81 Gb Paging File | 2,49 Gb Available in Paging File | 65,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 414,18 Gb Free Space | 88,93% Space Free | Partition Type: NTFS
Drive F: | 120,00 Gb Total Space | 51,17 Gb Free Space | 42,64% Space Free | Partition Type: NTFS
Drive K: | 120,00 Gb Total Space | 51,17 Gb Free Space | 42,64% Space Free | Partition Type: NTFS
Drive P: | 248,84 Mb Total Space | 135,14 Mb Free Space | 54,31% Space Free | Partition Type: NTFS
Drive Q: | 248,84 Mb Total Space | 135,14 Mb Free Space | 54,31% Space Free | Partition Type: NTFS
Drive S: | 120,00 Gb Total Space | 51,17 Gb Free Space | 42,64% Space Free | Partition Type: NTFS
Drive U: | 120,00 Gb Total Space | 51,17 Gb Free Space | 42,64% Space Free | Partition Type: NTFS
Drive Z: | 109,95 Gb Total Space | 31,91 Gb Free Space | 29,02% Space Free | Partition Type: NTFS
 
Computer Name: PC009 | User Name: Benutzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.17 10:04:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe
PRC - [2012.12.14 14:37:45 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.03 10:20:06 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2011.05.13 09:14:48 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2011.05.13 09:14:48 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011.05.13 09:14:46 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011.05.13 09:14:46 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011.05.13 09:14:46 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011.03.21 17:35:14 | 000,091,648 | ---- | M] (Sage Software, Inc) -- C:\Programme\ACT\Act for Windows\Act.Outlook.Sync.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.15 18:13:12 | 000,017,920 | ---- | M] (Sage Software, Inc.) -- C:\Programme\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2010.08.12 14:00:18 | 000,087,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2009.11.30 04:28:22 | 000,084,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\IntelITDirector\itdirectorservice.exe
PRC - [2009.11.30 04:28:14 | 000,509,616 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\IntelITDirector\itdirector.exe
PRC - [2009.10.16 04:29:52 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009.10.16 04:29:44 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe
PRC - [2009.07.24 15:24:48 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.02.08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.14 17:20:25 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012.12.14 17:20:09 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.12.14 17:19:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.12.14 17:19:58 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012.12.14 17:19:48 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012.12.14 17:19:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.12.14 17:19:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.12.14 17:19:07 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012.12.14 17:18:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.12.14 17:18:47 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
MOD - [2012.12.14 17:18:45 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.12.14 17:18:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.12.14 17:18:40 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.12.14 17:18:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.12.14 14:37:45 | 002,397,152 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.02.16 08:54:48 | 000,120,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Integration\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Integration.dll
MOD - [2012.02.16 08:54:47 | 000,678,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Sync.Common\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Sync.Common.dll
MOD - [2012.02.16 08:54:47 | 000,300,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Desktop.dll
MOD - [2012.02.16 08:54:45 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Win32\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Win32.dll
MOD - [2012.02.16 08:54:45 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Utilities\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Utilities.dll
MOD - [2012.02.16 08:54:43 | 003,391,488 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Framework\13.1.111.0__ebf6b2ff4d0a08aa\Act.Framework.dll
MOD - [2012.02.16 08:54:42 | 000,136,192 | ---- | M] () -- C:\Windows\assembly\GAC_32\Act.Outlook.Message.Reader\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Message.Reader.dll
MOD - [2011.05.16 09:55:58 | 000,076,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.Unity\1.2.0.0__31bf3856ad364e35\Microsoft.Practices.Unity.dll
MOD - [2011.05.16 09:55:58 | 000,076,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.ObjectBuilder2\2.2.0.0__31bf3856ad364e35\Microsoft.Practices.ObjectBuilder2.dll
MOD - [2011.05.16 09:55:58 | 000,052,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.Unity.Configuration\1.2.0.0__31bf3856ad364e35\Microsoft.Practices.Unity.Configuration.dll
MOD - [2011.05.16 09:55:57 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.ADChronopher\1.0.0.0__ebf6b2ff4d0a08aa\Interop.ADChronopher.dll
MOD - [2011.05.16 09:55:56 | 000,192,512 | ---- | M] () -- C:\Windows\assembly\GAC\Genghis\0.3.958.30739__f595a82b5e5c871c\Genghis.dll
MOD - [2011.05.16 09:55:53 | 001,110,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.UI.SyncSetup\13.1.111.0__ebf6b2ff4d0a08aa\Act.UI.SyncSetup.dll
MOD - [2011.05.16 09:55:49 | 002,134,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Windows.Forms\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Windows.Forms.dll
MOD - [2011.05.16 09:55:48 | 005,144,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Images\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Images.dll
MOD - [2011.05.16 09:55:48 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Diagnostics\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Diagnostics.dll
MOD - [2011.05.16 09:55:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Config\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Config.dll
MOD - [2011.05.16 09:55:47 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Shared\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Shared.dll
MOD - [2011.05.16 09:55:47 | 000,072,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Win.Integration\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Win.Integration.dll
MOD - [2011.05.16 09:55:47 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.AppCommon\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.AppCommon.dll
MOD - [2011.05.16 09:55:47 | 000,022,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 16:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.04 16:58:10 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010.11.04 16:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2010.11.04 16:52:40 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2010.11.04 16:52:32 | 005,988,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2010.11.04 16:52:28 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2010.11.04 16:52:28 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2009.09.30 11:29:57 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2012.12.14 14:37:45 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.12 10:37:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.13 09:14:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011.05.13 09:14:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011.05.13 09:14:46 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011.05.13 09:14:46 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011.05.13 09:14:46 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.12 14:00:18 | 000,087,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009.11.30 04:28:22 | 000,084,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\IntelITDirector\itdirectorservice.exe -- (ITDirectorService)
SRV - [2009.10.16 04:29:52 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009.10.16 04:29:44 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009.07.24 15:24:48 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.02.08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\TEICHI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.09.13 09:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121216.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.13 09:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121216.007\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.08 09:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.08 09:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.11.24 22:23:16 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.11.24 22:23:12 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.05.25 16:04:15 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.05.13 09:14:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011.05.13 09:14:49 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011.05.13 09:14:49 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011.05.13 09:14:39 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2011.05.13 09:14:39 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2011.05.13 09:14:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010.11.20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.01 21:26:30 | 000,030,368 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2010.04.05 23:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.06.24 04:28:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2007.04.11 22:30:06 | 000,038,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTV.sys -- (IAMTV)
DRV - [2007.04.11 22:30:00 | 000,047,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTXP.sys -- (IAMTXP)
DRV - [2007.04.11 22:29:58 | 000,040,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMT03.sys -- (IAMT03)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEFB2D7A-E9AD-48FD-B163-2BDDDFA266D2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 9E 8F DF A6 85 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE410
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/web?q=test&qsrc=0&o=312&l=dir"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.14 14:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.09.08 11:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Extensions
[2012.07.03 11:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\94xeaual.default\extensions
[2012.12.13 11:21:27 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\firefox\profiles\94xeaual.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.14 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.14 14:37:45 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.12.13 16:22:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.13 16:22:42 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.13 16:22:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.13 16:22:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.13 16:22:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.13 16:22:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.13 16:17:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" File not found
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.247.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Domäne.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{531F45CF-FF7B-406D-BD12-15E178B6A93D}: DhcpNameServer = 192.168.247.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{531F45CF-FF7B-406D-BD12-15E178B6A93D}: NameServer = 192.168.247.14
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: picon - hkey= - key= - C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
MsConfig - StartUpReg: ToshibaGLDocMon - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\GLDocMon.exe (Toshiba America Information Systems)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.17 10:04:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe
[2012.12.14 14:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.12.14 07:15:53 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\ABV
[2012.12.14 07:15:51 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\WINDOWS
[2012.12.13 16:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.12.13 16:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.13 16:20:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.13 16:20:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.13 16:10:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.13 16:10:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.13 16:10:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.13 16:09:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 16:08:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.13 15:46:36 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\Desktop\ihavenet
[2012.12.13 11:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.13 11:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.13 11:34:54 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2012.12.13 11:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.12.13 11:34:18 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\Programs
[2012.12.13 11:24:22 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\Malwarebytes
[2012.12.13 11:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.13 11:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.13 11:24:12 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.13 11:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.29 07:34:53 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\PDF24
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.17 10:04:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe
[2012.12.17 09:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.17 07:19:09 | 000,010,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 07:19:09 | 000,010,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 07:15:55 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.12.17 07:11:07 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\LYOYQ.job
[2012.12.17 07:10:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.17 07:09:59 | 1532,379,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.14 17:15:14 | 000,411,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.14 08:46:45 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.14 08:46:45 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.14 08:46:45 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.14 08:46:45 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.14 07:17:13 | 000,000,008 | RHS- | M] () -- C:\ProgramData\FD6854015D.sys
[2012.12.13 16:17:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.07 11:14:01 | 000,118,784 | RHS- | M] () -- C:\Windows\System32\sk-SKT.dll
 
========== Files Created - No Company Name ==========
 
[2012.12.14 07:17:13 | 000,000,008 | RHS- | C] () -- C:\ProgramData\FD6854015D.sys
[2012.12.13 16:10:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.13 16:10:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.13 16:10:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.13 16:10:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.13 16:10:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.13 11:35:01 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.07 11:14:01 | 000,118,784 | RHS- | C] () -- C:\Windows\System32\sk-SKT.dll
[2012.12.07 11:14:01 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\LYOYQ.job
[2011.10.12 10:56:41 | 000,000,000 | ---- | C] () -- C:\Users\Benutzer\TempSel.dat
[2011.10.12 10:56:41 | 000,000,000 | ---- | C] () -- C:\Users\Benutzer\TempGrpSel.dat
[2011.05.19 13:12:23 | 000,000,008 | RHS- | C] () -- C:\Users\Benutzer\ntuser.pol
[2011.05.16 10:23:21 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.05.12 15:17:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.11 08:16:50 | 000,007,231 | ---- | C] () -- C:\Windows\I2_7.ini
[2011.05.11 08:15:15 | 000,135,168 | ---- | C] () -- C:\Windows\snmp_pp.dll
[2011.05.11 08:13:37 | 000,008,272 | ---- | C] () -- C:\Windows\I1_7.ini
[2011.05.10 13:08:35 | 000,079,360 | ---- | C] () -- C:\Windows\SIDUnins.exe
[2011.05.10 13:08:35 | 000,004,308 | ---- | C] () -- C:\Windows\SIDUNINS.INI
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.10.15 09:37:59 | 000,051,096 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.02.16 08:54:47 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.05.19 13:04:54 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\ACT
[2011.08.22 10:06:46 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Foxit Software
[2011.05.19 13:21:16 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\IsolatedStorage
[2011.05.23 08:53:06 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Windows Small Business Server
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.13 16:20:23 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.10.15 08:18:40 | 000,000,000 | ---D | M] -- C:\actdiag
[2010.10.15 08:18:55 | 000,000,000 | ---D | M] -- C:\Anja Veith
[2011.05.19 13:08:26 | 000,000,000 | ---D | M] -- C:\Backup
[2011.05.13 06:18:15 | 000,000,000 | ---D | M] -- C:\Boot
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.14 12:26:11 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.10.05 21:57:40 | 000,000,000 | ---D | M] -- C:\Driver
[2010.10.15 08:19:08 | 000,000,000 | ---D | M] -- C:\GLWEB
[2010.10.15 08:26:41 | 000,000,000 | ---D | M] -- C:\Hicad
[2010.10.15 08:28:12 | 000,000,000 | ---D | M] -- C:\I386
[2010.10.19 07:43:15 | 000,000,000 | ---D | M] -- C:\Inst
[2010.10.05 12:19:03 | 000,000,000 | ---D | M] -- C:\Intel
[2010.10.15 08:28:19 | 000,000,000 | ---D | M] -- C:\KAT
[2010.10.15 10:08:58 | 000,000,000 | ---D | M] -- C:\Mail
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.14 15:48:19 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.14 07:17:13 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.10.14 12:26:11 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.13 16:20:19 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.10.14 12:26:12 | 000,000,000 | ---D | M] -- C:\Recovery
[2010.10.15 08:31:47 | 000,000,000 | ---D | M] -- C:\scaneingang1
[2008.05.26 09:20:42 | 000,000,000 | ---D | M] -- C:\scaneingang2
[2011.10.28 09:14:15 | 000,000,000 | ---D | M] -- C:\Sicherung
[2012.12.17 10:07:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.05.26 06:18:34 | 000,000,000 | ---D | M] -- C:\TEMP
[2010.10.15 08:31:54 | 000,000,000 | ---D | M] -- C:\TOSHIBA
[2011.05.06 07:16:37 | 000,000,000 | ---D | M] -- C:\TOSHIBA Kalkulation
[2010.10.15 08:31:55 | 000,000,000 | ---D | M] -- C:\TOSHIBA Projektanträge
[2009.05.25 12:50:41 | 000,000,000 | ---D | M] -- C:\TOSHIBA Projekte
[2010.10.15 08:38:10 | 000,000,000 | ---D | M] -- C:\tradepilot
[2010.10.15 08:38:48 | 000,000,000 | ---D | M] -- C:\Treiber
[2011.06.15 09:27:41 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.13 16:20:18 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 03:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.08.13 15:25:30 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.12.07 11:14:01 | 000,000,308 | ---- | C] () -- C:\Windows\Tasks\LYOYQ.job
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 03:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 03:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2004.11.04 04:58:20 | 000,086,144 | ---- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\Treiber\WinXP\MB\nVidia\A8N-SLI\Chipset_XP&2K\IDE\Disk\NvAtaBus.sys
[2004.11.04 04:58:20 | 000,086,144 | ---- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\Treiber\WinXP\MB\nVidia\A8N-SLI\Chipset_XP&2K\IDE\Win2K\NvAtaBus.sys
[2004.11.04 04:58:20 | 000,086,144 | ---- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\Treiber\WinXP\MB\nVidia\A8N-SLI\Chipset_XP&2K\IDE\WinXP\NvAtaBus.sys
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 03:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 03:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 03:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll
[2010.11.20 03:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 03:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2004.07.06 22:45:36 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\DriverDisk\RAID\2003IA32\viamraid.sys
[2004.07.06 22:45:38 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\DriverDisk\RAID\Win2000\viamraid.sys
[2004.07.06 22:45:42 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\DriverDisk\RAID\Winxp\viamraid.sys
[2004.07.06 22:45:36 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\VIARaid\driver\2003IA32\viamraid.sys
[2004.07.06 22:45:38 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\VIARaid\driver\Win2000\viamraid.sys
[2004.07.06 22:45:42 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\VIARaid\driver\Winxp\viamraid.sys
[2004.07.06 22:45:40 | 000,067,392 | ---- | M] (VIA Technologies inc,.ltd) MD5=813C738B09E80C4A4E0585FB95A2F897 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\DriverDisk\RAID\Winnt40\viamraid.sys
[2004.07.06 22:45:40 | 000,067,392 | ---- | M] (VIA Technologies inc,.ltd) MD5=813C738B09E80C4A4E0585FB95A2F897 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\VIARaid\driver\Winnt40\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.05.13 09:14:57 | 000,087,408 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\system32\FwsVpn.dll
[2012.12.07 11:14:01 | 000,118,784 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\sk-SKT.dll
[2011.05.13 09:14:57 | 000,107,888 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\system32\SymVPN.dll
 
< %USERPROFILE%\*.* >
[2012.12.17 10:20:43 | 003,670,016 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT
[2012.12.17 10:20:43 | 000,262,144 | -HS- | M] () -- C:\Users\Benutzer\ntuser.dat.LOG1
[2011.05.19 13:04:13 | 000,000,000 | -HS- | M] () -- C:\Users\Benutzer\ntuser.dat.LOG2
[2011.05.19 13:12:21 | 000,065,536 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011.05.19 13:12:21 | 000,524,288 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011.05.19 13:12:21 | 000,524,288 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.12.14 21:00:43 | 000,000,250 | -HS- | M] () -- C:\Users\Benutzer\ntuser.ini
[2012.03.13 15:56:08 | 000,000,008 | RHS- | M] () -- C:\Users\Benutzer\ntuser.pol
[2011.10.12 10:56:41 | 000,000,000 | ---- | M] () -- C:\Users\Benutzer\TempGrpSel.dat
[2011.10.12 10:56:41 | 000,000,000 | ---- | M] () -- C:\Users\Benutzer\TempSel.dat
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >

--- --- ---

Schönen Gruß,

Simon

EDIT: Konkrete Domäne durch "Domäne" ausgetauscht.

markusg · 17.12.2012, 11:03

Hi
poste die logs bitte.
Welche Funde interssant sind, oder nicht, entscheide ich schon gern selbst :-)

hab dir ja deswegen den Link gepostet, wie du die Logs, zumindest von Malwarebytes, einsehen kannst.

Pingo · 17.12.2012, 11:30

MBAM-Log

Reicht dieser Log?

Spybot lasse ist jetzt grade laufen, den Log liefere ich nach.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.13.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
teichinger :: PC009 [administrator]

17.12.2012 11:12:58
mbam-log-2012-12-17 (11-12-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278890
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Und hier der Spybot-Log. Ich habe bei Spybot nur gescant und nichts entfernen lassen.

Code:

ATTFilter

Search results from Spybot - Search & Destroy

17.12.2012 11:55:20
Scan took 00:21:20.
114 items found.

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\aka-cdn-ns.adtech.de\movad.sol
  Properties.size=67
  Properties.md5=FD66CB86C7709029097AD4F66B8106F5
  Properties.filedate=1347520155
  Properties.filedatetext=2012-09-13 08:09:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\cdn.flashtalking.com\ftLocalComms.sol
  Properties.size=62
  Properties.md5=A15E322651F4CCAB47BD036E02815E38
  Properties.filedate=1353916330
  Properties.filedatetext=2012-11-26 08:52:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\cdn.flashtalking.com\FT_cookie.sol
  Properties.size=43
  Properties.md5=610E87C4C012C7ABEDEF6BA1BEF999B6
  Properties.filedate=1352305155
  Properties.filedatetext=2012-11-07 17:19:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\cdn.unicast.msn.com\skin.sol
  Properties.size=40
  Properties.md5=362FB198F25797ABC6410C659F7FEDEF
  Properties.filedate=1351774118
  Properties.filedatetext=2012-11-01 13:48:37

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\cdn.unicast.msn.com\XMenExp_skin_data.sol
  Properties.size=51
  Properties.md5=3E98AC91CE9EC94A358AE2668E9D8AD2
  Properties.filedate=1333438977
  Properties.filedatetext=2012-04-03 08:42:56

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\cdn.voodoovideo.com\voodoo_video.sol
  Properties.size=117
  Properties.md5=E93DF1807530A9F4CCE6D239B337F5C1
  Properties.filedate=1337852236
  Properties.filedatetext=2012-05-24 10:37:16

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\databroker.coremotives.com\flCookie_4249248b-1d57-e111-9de0-00155d323f61.sol
  Properties.size=484
  Properties.md5=B557946E49ED4A156875E05C37ABC88E
  Properties.filedate=1333358625
  Properties.filedatetext=2012-04-02 10:23:44

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\divaag.vo.llnwd.net\US_FARM_viewster_STREMING_CLIENT_ID_COOKIE.sol
  Properties.size=81
  Properties.md5=57A06D16CBBD0E24076EDCD853380CD3
  Properties.filedate=1355147209
  Properties.filedatetext=2012-12-10 14:46:49

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\images.philips.com\s7_storage_tracker.sol
  Properties.size=184
  Properties.md5=DFD5BFFE6831516D3D675A6C605B382E
  Properties.filedate=1325154583
  Properties.filedatetext=2011-12-29 11:29:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\imagesrv.adition.com\movad.sol
  Properties.size=67
  Properties.md5=6511D641B734FE584A16C948FA22BCB4
  Properties.filedate=1346765057
  Properties.filedatetext=2012-09-04 14:24:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\img.widgets.video.s-msn.com\AdModel.sol
  Properties.size=173
  Properties.md5=CACA426E69C3C218B108DF80650813E3
  Properties.filedate=1352447915
  Properties.filedatetext=2012-11-09 08:58:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\img.widgets.video.s-msn.com\CountryCode.sol
  Properties.size=112
  Properties.md5=0F87AA14F6E9F85D4838C4AB032B5C5C
  Properties.filedate=1352447907
  Properties.filedatetext=2012-11-09 08:58:26

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\img.widgets.video.s-msn.com\PlaylistModel.sol
  Properties.size=132
  Properties.md5=6C1399D2F472C00B35FACAC157E712DD
  Properties.filedate=1352447915
  Properties.filedatetext=2012-11-09 08:58:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\img.widgets.video.s-msn.com\reportingSegment.sol
  Properties.size=83
  Properties.md5=60E5ACB15A624AD673F8983B05A31332
  Properties.filedate=1352447907
  Properties.filedatetext=2012-11-09 08:58:26

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\meitetsu.m-pathy.com\mPathyUserData.sol
  Properties.size=65
  Properties.md5=87E675DFCA4C3F9F4AC027E7E63102D6
  Properties.filedate=1353315258
  Properties.filedatetext=2012-11-19 09:54:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\s.ytimg.com\soundData.sol
  Properties.size=49
  Properties.md5=F2945B8419B125F71FC8FD7CDDB59948
  Properties.filedate=1316429386
  Properties.filedatetext=2011-09-19 11:49:45

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\s.ytimg.com\videostats.sol
  Properties.size=275
  Properties.md5=5D388D03B8C1857EC653A43DA06AE06B
  Properties.filedate=1352964008
  Properties.filedatetext=2012-11-15 08:20:07

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\10314235.sol
  Properties.size=56
  Properties.md5=BAC03C958F7860F5EFD93AD66B6D6F3A
  Properties.filedate=1343899509
  Properties.filedatetext=2012-08-02 10:25:08

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\10372911.sol
  Properties.size=56
  Properties.md5=F647E0B9730110DD5E58E7242BD00FE4
  Properties.filedate=1345797421
  Properties.filedatetext=2012-08-24 09:37:00

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\10631444.sol
  Properties.size=56
  Properties.md5=8040A313324F69200918D041055157F6
  Properties.filedate=1347001856
  Properties.filedatetext=2012-09-07 08:10:55

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\11747667.sol
  Properties.size=56
  Properties.md5=B0515DEF4919E1C70067873005057AFA
  Properties.filedate=1352963995
  Properties.filedatetext=2012-11-15 08:19:55

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\11892909.sol
  Properties.size=56
  Properties.md5=A45D6367AB19CC2ACAEE52E019A9805B
  Properties.filedate=1354624408
  Properties.filedatetext=2012-12-04 13:33:28

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\11951567.sol
  Properties.size=56
  Properties.md5=941D5ED7F3A2045C8555B5FA915F5E6F
  Properties.filedate=1355145163
  Properties.filedatetext=2012-12-10 14:12:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\12078118.sol
  Properties.size=56
  Properties.md5=12D0B02B8AED3C0C62E3DFA0F14033D5
  Properties.filedate=1355145264
  Properties.filedatetext=2012-12-10 14:14:23

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\8767846.sol
  Properties.size=55
  Properties.md5=1987EE8843C1D69149DF2B6080DE7EE9
  Properties.filedate=1334043159
  Properties.filedatetext=2012-04-10 08:32:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\9495163.sol
  Properties.size=55
  Properties.md5=6E7F0436DFDCFD8214752676551425BC
  Properties.filedate=1340007195
  Properties.filedatetext=2012-06-18 09:13:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\9929379.sol
  Properties.size=55
  Properties.md5=E93D35BE21CD7718E2D96809DFC19CCD
  Properties.filedate=1341821623
  Properties.filedatetext=2012-07-09 09:13:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\9955479.sol
  Properties.size=55
  Properties.md5=BA0D34F64C7C3F6F784C26C961C59997
  Properties.filedate=1342168881
  Properties.filedatetext=2012-07-13 09:41:20

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\ssl.hurra.com\restore.hurra.com.sol
  Properties.size=178
  Properties.md5=0BED82899533D0B6EFE1E046E6D3EEF6
  Properties.filedate=1342707758
  Properties.filedatetext=2012-07-19 15:22:37

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\vtracy.de\loC.sol
  Properties.size=54
  Properties.md5=A90556E131B40BCB7CF53F9EED91BD8E
  Properties.filedate=1340032141
  Properties.filedatetext=2012-06-18 16:09:00

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www.baur.de\REGISTRY.sol
  Properties.size=42
  Properties.md5=F10611AA2C3676CBFB75469623E46626
  Properties.filedate=1337151448
  Properties.filedatetext=2012-05-16 07:57:27

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www.baur.de\sol.sol
  Properties.size=374
  Properties.md5=D8576C370F104FE8A45F68EE3859AFAB
  Properties.filedate=1337151448
  Properties.filedatetext=2012-05-16 07:57:27

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www.xatech.com\chat.sol
  Properties.size=66
  Properties.md5=FFE8C55E28EEFAEE8F3FDBFBB2C23DD5
  Properties.filedate=1333379264
  Properties.filedatetext=2012-04-02 16:07:44

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www1.belboon.de\000015274.sol
  Properties.size=138
  Properties.md5=FCFE4752FF6D6DD08AB47078627EEEE1
  Properties.filedate=1313657092
  Properties.filedatetext=2011-08-18 09:44:51

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www.apendics.de\apx.swf\v.sol
  Properties.size=101
  Properties.md5=52A28F277E90DFC6C60D1D1EB37CF5D2
  Properties.filedate=1339506143
  Properties.filedatetext=2012-06-12 14:02:22

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\asp.zone-secure.net\v2\index.swf\Webpublication_BkMarks0xf4f5f50x004e9832.sol
  Properties.size=82
  Properties.md5=748FDF5E958B3DF9228E0A6F18875492
  Properties.filedate=1306848086
  Properties.filedatetext=2011-05-31 14:21:26

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\asp.zone-secure.net\v2\index.swf\Webpublication_BkMarks0xf4f5f50x004e98388.sol
  Properties.size=83
  Properties.md5=950A9057D9F2CBC4E3816298BDF912DD
  Properties.filedate=1306768751
  Properties.filedatetext=2011-05-30 16:19:10

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\asp.zone-secure.net\v2\index.swf\Webpublication_BkMarks0xf4f5f50x004e984.sol
  Properties.size=81
  Properties.md5=9B96A27B7508763911E95E4E320D5292
  Properties.filedate=1315466773
  Properties.filedatetext=2011-09-08 08:26:12

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\asp.zone-secure.net\v2\index.swf\Webpublication_BkMarks0xf4f5f50x004e98500.sol
  Properties.size=83
  Properties.md5=59155AA4890997FEA1E135F341E03A6F
  Properties.filedate=1349968153
  Properties.filedatetext=2012-10-11 16:09:12

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\asp.zone-secure.net\v2\index.swf\Webpublication_BkMarks0xf4f5f50x004e9860.sol
  Properties.size=82
  Properties.md5=773BC63095D0EC54E863D69D5A00A7E0
  Properties.filedate=1306848223
  Properties.filedatetext=2011-05-31 14:23:43

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\franca-luca.com\flash\website.swf\volumeStatus.sol
  Properties.size=44
  Properties.md5=21EEC96950F847E2CA0A351073098CAC
  Properties.filedate=1344867598
  Properties.filedatetext=2012-08-13 15:19:58

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\heias.com\x\heias_sc.swf\heias.sol
  Properties.size=62
  Properties.md5=C910E017E359B29518D6A66D833C045D
  Properties.filedate=1306762921
  Properties.filedatetext=2011-05-30 14:42:01

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\nm.wetter.com\flash\radar_gm_2.0.6.2.swf\wettercomgooglemap.sol
  Properties.size=114
  Properties.md5=F1F6EE64BFC1EC543B4CAE7743411649
  Properties.filedate=1314369491
  Properties.filedatetext=2011-08-26 15:38:11

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www.weinrich.de\katalog2012\elkat.swf\elkat108734.sol
  Properties.size=46
  Properties.md5=6763AE903E484D8139E23B20718AE9A1
  Properties.filedate=1346854741
  Properties.filedatetext=2012-09-05 15:19:00

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Benutzer) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Benutzer) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Benutzer) (Browser: Cookie, nothing done)
  

WebTrends live: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Adviva: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

CoreMetrics: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

WebTrends live: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

BurstMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

FastClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

FastClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

FastClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
  

Log: [SBI $8E73A7FB]  Install: setupact.log (File, nothing done)
  C:\Windows\setupact.log
  Properties.size=224
  Properties.md5=640DAD2C12AB9C0D0D3070666B6CCF80
  Properties.filedate=1355724657
  Properties.filedatetext=2012-12-17 07:10:56

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\WinRAR\ArcHistory

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\WinRAR\General\LastFolder

Cookie: [SBI $49804B54] Browser: Cookie (21) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (306) (Browser: Cache, nothing done)
  

History: [SBI $49804B54] Browser: History (42) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (11) (Browser: Cookie, nothing done)
  

History: [SBI $49804B54] Browser: History (25) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (11) (Browser: Cookie, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (5565) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2012-12-13 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-20 Includes\Adware.sbi (*)
2012-12-11 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2012-12-11 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-12-11 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2012-12-11 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-12-11 Includes\TrojansC-03.sbi (*)
2012-11-29 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-12-03 Includes\TrojansC.sbi (*)

markusg · 17.12.2012, 18:18

Hi,
also lesen musst du schon bitte, ich habe jetzt, zum zweiten mal gefragt, ob es alte Logs von Malwarebytes und Spybot gibt, habe dir auch genannt wo sie zu finden sind.
Was du gepostet hast, ist ein neues Log.

Pingo · 17.12.2012, 19:02

Sorry, stehe etwas auf dem Schlauch.

Du meinst Logs vor der Infektion oder den Log als ich das erste Mal nach der Infektion gescant habe?

Ersteres habe ich nicht, letzteres kann ich zumindest bei Malwarebytes morgen nachreichen.

Danke für deine Hilfe.

Hier ist der Log von Malwarebytes direkt nach der Infektion:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.13.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
teichinger :: PC009 [Administrator]

13.12.2012 11:26:57
mbam-log-2012-12-13 (11-26-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 271800
Laufzeit: 5 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg · 18.12.2012, 16:05

Hi
weis nicht, wie ichs deutlicher sagen soll, ich hab jetzt einige male geschrieben, was ich will. ich möchte die Berichte sehen, wo es Funde gab.

Dann:

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
[2012.12.07 11:14:01 | 000,118,784 | RHS- | M] () -- C:\Windows\System32\sk-SKT.dll
O4 - HKCU..\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" File not found
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
[2012.12.17 07:11:07 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\LYOYQ.job
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.

Frage:
hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt?
wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.

Pingo · 19.12.2012, 08:22

Hallo,

Danke für die Antwort.

habe leider keine Berichte mit Funden. Ist auch nicht mein PC, deshalb bin ich auf Aussagen meines Benutzers angewiesen, der natürlich nichts gemacht hat

Software wurde als letztes lt. Systemsteuerung installiert:

12.12.12 Adobe Flash Player 11 Plugin
12.12.12. Adobe Flash Player 11 Active X

den Rest führe ich jetzt direkt durch.

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Windows\System32\sk-SKT.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Synchronizer deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
C:\Windows\Tasks\LYOYQ.job moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: administrator.Domäne
 
User: administrator.Domäne.000
->Flash cache emptied: 456 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: mjahn
->Flash cache emptied: 456 bytes
 
User: Public
 
User: Benutzer
->Flash cache emptied: 24403 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: administrator.Domäne
->Temp folder emptied: 0 bytes
 
User: administrator.Domäne.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mjahn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Benutzer
->Temp folder emptied: 52728191 bytes
->Temporary Internet Files folder emptied: 15701240 bytes
->Java cache emptied: 1280759 bytes
->FireFox cache emptied: 118205745 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17500 bytes
RecycleBin emptied: 137618447 bytes
 
Total Files Cleaned = 311,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12192012_082349

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

****
Dateien als Zip im Upload-Channel hochgeladen:

Datei: MovedFiles.zip_1 empfangen

Vorgang erfolgreich abgeschlossen.
****

Hier der Inhalt von GetInfo

Code:

ATTFilter

System volume information:	 dwHighDateTime = 0x1cb647d,dwLowDateTime = 0xdc821f4
System32:			 dwHighDateTime = 0x1ca042b,dwLowDateTime = 0xfb15659b
dwSerialNumber = 0x32c65baf

markusg · 19.12.2012, 14:05

Danke
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

15.12.2012, 18:48	#4
markusg /// Malware-holic	ihavenet.com II Dir auch :-) __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

17.12.2012, 11:03	#6
markusg /// Malware-holic	ihavenet.com II Hi poste die logs bitte. Welche Funde interssant sind, oder nicht, entscheide ich schon gern selbst :-) hab dir ja deswegen den Link gepostet, wie du die Logs, zumindest von Malwarebytes, einsehen kannst. __________________ --> ihavenet.com II

ihavenet.com II

Plagegeister aller Art und deren Bekämpfung: ihavenet.com II

ihavenet.com II

ihavenet.com II

ihavenet.com II

ihavenet.com II

ihavenet.com II

ihavenet.com II

ihavenet.com II

ihavenet.com II

ihavenet.com II

ihavenet.com II

ihavenet.com II

ihavenet.com II

Ähnliche Themen: ihavenet.com II

15.12.2012, 17:16	#3
Pingo	ihavenet.com II Hi, danke für die Rückmeldung, ich komme leider erst Montag an das betroffene System. Melde mich dann mit den entsprechenden Log-Dateien. Schönes Wochenende noch! __________________