Trojaner-Board (https://www.trojaner-board.de/) > Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/) > Warning! ... Windows system blocked. (https://www.trojaner-board.de/109103-achtung-windowssystem-blockiert.html)

Roderic_Sch 05.02.2012 00:08

Warning! ... Windows system blocked.
 
Hello everyone,

I have also caught the "Achtung! ... Windows wird gesperrt" ("Warning! ... Windows is being locked") malware.

(With the WLAN switched off, I have control again.)

As described in "Für alle Hilfesuchenden! ...", I generated logs (dds and otl). Attach.txt and Extras.txt are attached in an archive:

Code:

.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_26
Run by *** at 20:37:25 on 2012-02-04
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3957.2672 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
mWinlogon: Userinit=userinit.exe
BHO: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
uRun: [Google Update] "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Firefox helper] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
StartupFolder: C:\Users\FRIEDR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76} : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3536867757C6 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3536867757C6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3575C414E4 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3575C414E4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\5416379724F687D2637324134393 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\5416379724F687D2637324134393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9D958B33-6A54-4D8A-BA07-B7813E7A9442} : NameServer = 156.154.70.25,156.154.71.25
Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs:  C:\Windows\SysWOW64\guard32.dll
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
{074C1DC5-9320-4A9A-947D-C042949C6216}
{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}
{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
AppInit_DLLs-X64:  C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qho5ph94.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\***\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-6-10 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-6-10 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-28 366640]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2010-1-22 32256]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-17 2337144]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-10 2314240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CLNUIDriver;CLNUIDriver;C:\Windows\system32\DRIVERS\CLNUIDriver.sys --> C:\Windows\system32\DRIVERS\CLNUIDriver.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe [2012-2-4 95896]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
.
=============== Created Last 30 ================
.
2012-02-04 19:07:53        --------        d-----w-        C:\Program Files\SiSoftware
2012-01-22 19:30:07        --------        d-----w-        C:\Program Files (x86)\Poedit
2012-01-22 19:26:10        --------        d-----w-        C:\Program Files (x86)\DealPly
2012-01-22 19:25:59        --------        d-----w-        C:\Program Files (x86)\Zip Uncompressor
2012-01-22 19:24:06        --------        d-----w-        C:\Users\***\Zip Uncompressor
2012-01-06 19:18:17        626688        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-06 19:18:17        548864        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-06 19:18:17        479232        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-06 19:18:17        43992        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
.
==================== Find3M  ====================
.
2012-01-14 14:31:40        414368        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-26 05:10:32        330240        ----a-w-        C:\Windows\PICSUninstall.exe
2011-11-28 14:30:48        868848        ----a-w-        C:\Windows\System32\drivers\sptd.sys
2011-11-19 11:14:54        43680        ----a-w-        C:\Windows\System32\drivers\lirsgt.sys
2011-11-19 11:14:54        314016        ----a-w-        C:\Windows\System32\drivers\atksgt.sys
2011-06-29 15:45:07        11776        ----a-w-        C:\Program Files (x86)\pixie.exe
2007-08-27 16:15:56        244736        ----a-w-        C:\Program Files (x86)\JRuler.exe
.
============= FINISH: 20:37:51,08 ===============

Code:

.
OTL logfile created on: 04.02.2012 23:08:26 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 67,53% Memory free
7,73 Gb Paging File | 6,27 Gb Available in Paging File | 81,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 154,83 Gb Total Space | 64,49 Gb Free Space | 41,65% Space Free | Partition Type: NTFS
Drive D: | 143,16 Gb Total Space | 15,10 Gb Free Space | 10,54% Space Free | Partition Type: NTFS
 
Computer Name: ***S-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe ()
PRC - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
PRC - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ab4c31d3ee3773fda080f88a55ee9f2e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\02fce62e54341c77819608d4c374a1fe\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cd5d6686dd65a70df2bb47350e5565f2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d4e82d7d148d82bec5a0099f8c0a9d7c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9ee802cb15f227c3f5e404344241063a\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\033c4be35e173939c647b9eab467f3ba\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fe70d777535c215f4fe9f9def2b4c815\mscorlib.ni.dll ()
MOD - C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe ()
MOD - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
MOD - C:\Program Files (x86)\Hotkey\Audiodll.dll ()
MOD - C:\Program Files (x86)\Hotkey\AudioControlDLL.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (cmdagent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PowerBiosServer) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe (SiSoftware)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (CLNUIDriver) -- C:\Windows\SysNative\drivers\CLNUIDriver.sys (Code Laboratories, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                          )
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gbt.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C F6 D2 70 9E 53 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.06 20:18:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.16 10:29:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.22 20:30:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.01.16 10:29:39 | 000,000,000 | ---D | M]
 
[2011.06.11 09:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.06.11 09:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.02 09:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\qho5ph94.default\extensions
[2012.01.29 16:06:31 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\qho5ph94.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.01.06 20:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.18 09:08:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\FEEDLY@DEVHD.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\UNDOCLOSEDTABSBUTTON@SUPERNOVA00.BIZ.XPI
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.31 23:28:22 | 000,001,110 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adaradar.xml
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Greyscale = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm\1.0_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.02.04 23:08:07 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll ()
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll ()
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Firefox helper] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D958B33-6A54-4D8A-BA07-B7813E7A9442}: NameServer = 156.154.70.25,156.154.71.25
O18:64bit: - Protocol\Handler\gameboxchrome - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gameboxchrome {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{159ea791-19ce-11e1-8283-0090f5a53f20}\Shell - "" = AutoRun
O33 - MountPoints2\{159ea791-19ce-11e1-8283-0090f5a53f20}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{663fd720-944c-11e0-bf63-0090f5a53f20}\Shell - "" = AutoRun
O33 - MountPoints2\{663fd720-944c-11e0-bf63-0090f5a53f20}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.04 21:56:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.04 21:20:34 | 004,754,944 | ---- | C] (Geza Kovacs) -- C:\unetbtin.exe
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\preseed
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\pool
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\pics
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\isolinux
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\install
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\dists
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\casper
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\boot
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\.disk
[2012.02.04 21:03:38 | 000,000,000 | ---D | C] -- C:\unetbtin
[2012.02.04 20:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012.02.04 20:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012.02.04 16:55:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wpml-string-translation.1.2.9
[2012.02.03 19:30:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Archiv
[2012.02.03 18:24:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wie macht man scheiß Ordner
[2012.02.03 12:41:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sitepress-multilingual-cms.2.4.2
[2012.02.02 12:29:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wordpress-3.3.1-de_DE
[2012.02.01 21:19:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\DejaVu-Serif-fontfacekit
[2012.01.25 21:46:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\LaN_shelling_0.6.0059
[2012.01.22 20:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poedit
[2012.01.22 20:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Poedit
[2012.01.22 20:28:35 | 003,990,398 | ---- | C] (Vaclav Slavik                                              ) -- C:\Users\***\Desktop\poedit-1.4.6-setup.exe
[2012.01.22 20:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
[2012.01.22 20:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2012.01.22 20:25:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zip Uncompressor
[2012.01.22 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\***\Zip Uncompressor
[2012.01.22 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zip Uncompressor
[2012.01.19 13:59:44 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ft_v037
[2012.01.16 10:29:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.14 15:33:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.01.14 15:31:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.01.07 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.09.06 14:29:22 | 000,184,320 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.06.29 16:45:05 | 000,011,776 | ---- | C] (Nattyware) -- C:\Program Files (x86)\pixie.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.04 23:25:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1811895510-1651897561-911722450-1000UA.job
[2012.02.04 22:35:02 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.04 22:35:02 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.04 22:35:02 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.04 22:35:02 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.04 22:35:02 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.04 22:34:58 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 22:34:58 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 22:27:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.04 22:27:29 | 3111,559,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.04 21:56:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.04 21:28:02 | 000,201,293 | ---- | M] () -- C:\ubnldr.exe
[2012.02.04 21:28:02 | 000,185,012 | ---- | M] () -- C:\ubnldr
[2012.02.04 21:28:02 | 000,008,192 | ---- | M] () -- C:\ubnldr.mbr
[2012.02.04 20:09:03 | 000,000,064 | ---- | M] () -- C:\Users\***\AppData\Roaming\Sandra.ldb
[2012.02.04 20:08:13 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2012.SP1c.lnk
[2012.02.04 19:44:48 | 004,754,944 | ---- | M] (Geza Kovacs) -- C:\unetbtin.exe
[2012.02.04 19:14:05 | 000,000,188 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.02.04 16:55:33 | 000,181,873 | ---- | M] () -- C:\Users\***\Desktop\wpml-string-translation.1.2.9.zip
[2012.02.04 09:59:45 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1811895510-1651897561-911722450-1000Core.job
[2012.02.03 19:29:32 | 004,029,091 | ---- | M] () -- C:\Users\***\Desktop\Archiv.zip
[2012.02.03 19:27:44 | 006,897,664 | ---- | M] () -- C:\Users\***\Desktop\DA_4_einseitig_GEKÜRTZT.indd
[2012.02.03 19:27:44 | 000,000,000 | ---- | M] () -- C:\Users\***\Desktop\~da_4_einseitig_gek~fg9$)4.idlk
[2012.02.03 18:24:16 | 031,133,696 | ---- | M] () -- C:\Users\***\Desktop\wie macht man scheiß.indd
[2012.02.03 18:22:56 | 000,755,702 | ---- | M] () -- C:\Users\***\Desktop\wie macht man scheiß.pdf
[2012.02.03 18:19:57 | 000,213,553 | ---- | M] () -- C:\Users\***\Desktop\wie macht man scheiß2.jpg
[2012.02.03 17:26:42 | 009,904,128 | ---- | M] () -- C:\Users\***\Desktop\DA_4_einseitig.indd
[2012.02.03 12:41:06 | 001,036,116 | ---- | M] () -- C:\Users\***\Desktop\sitepress-multilingual-cms.2.4.2.zip
[2012.02.03 12:38:25 | 000,001,014 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.03 12:29:11 | 001,161,174 | ---- | M] () -- C:\Users\***\Desktop\Gemaboy***.jpg
[2012.02.02 20:05:27 | 1428,451,328 | ---- | M] () -- C:\Users\***\Desktop\ju98ru2srjkh4.avi
[2012.02.02 18:16:41 | 000,160,534 | ---- | M] () -- C:\Users\***\Desktop\2011_Rechnung_246_Nov.pdf
[2012.02.02 18:16:41 | 000,160,453 | ---- | M] () -- C:\Users\***\Desktop\2012_Rechnung_249_Jan.pdf
[2012.02.02 18:16:37 | 000,162,933 | ---- | M] () -- C:\Users\***\Desktop\2011_Rechnung_248_Dez.pdf
[2012.02.02 12:24:17 | 004,655,786 | ---- | M] () -- C:\Users\***\Desktop\wordpress-3.3.1-de_DE.zip
[2012.02.02 12:07:03 | 000,499,622 | ---- | M] () -- C:\Users\***\Desktop\*** Schmidgall - Diplom-Slide-2.jpg
[2012.02.02 12:06:51 | 000,282,912 | ---- | M] () -- C:\Users\***\Desktop\*** Schmidgall - Diplom-Slide-1.jpg
[2012.02.02 11:33:12 | 797,794,304 | ---- | M] () -- C:\Users\***\Desktop\ewcodjwo8hsji.avi
[2012.02.01 21:05:08 | 006,241,040 | ---- | M] () -- C:\Users\***\Desktop\DejaVu-Serif-fontfacekit.zip
[2012.02.01 16:34:41 | 000,124,071 | ---- | M] () -- C:\Users\***\Desktop\***-Schmidgall-digitised-drawing-in-CAD-application.jpg
[2012.01.27 08:18:14 | 002,321,734 | ---- | M] () -- C:\Users\***\Desktop\2155656_700b.jpg
[2012.01.25 21:46:21 | 000,050,233 | ---- | M] () -- C:\Users\***\Desktop\LaN_shelling_0.6.0059.zip
[2012.01.25 21:30:37 | 000,000,051 | ---- | M] () -- C:\Users\***\Desktop\Schuhleisten_20120125.3dm.rhl
[2012.01.25 21:30:10 | 000,292,098 | ---- | M] () -- C:\Users\***\Desktop\Schuhleisten_20120125.3dm
[2012.01.22 20:31:27 | 000,008,249 | ---- | M] () -- C:\Users\***\Desktop\de_DE.po
[2012.01.22 20:28:47 | 003,990,398 | ---- | M] (Vaclav Slavik                                              ) -- C:\Users\***\Desktop\poedit-1.4.6-setup.exe
[2012.01.22 20:26:00 | 000,001,105 | ---- | M] () -- C:\Users\***\Desktop\Zip Uncompressor.lnk
[2012.01.22 20:25:09 | 000,008,093 | ---- | M] () -- C:\Users\***\Desktop\en_EN.po
[2012.01.22 20:23:51 | 000,549,896 | ---- | M] () -- C:\Users\***\Desktop\ADLSoft_UnCompressor_triple_2nd_offer_0412_s.exe
[2012.01.21 11:53:54 | 367,125,132 | ---- | M] () -- C:\Users\***\Desktop\craig.ferguson.2012.01.20.real.hdtv.xvid-fqm.avi
[2012.01.19 21:48:11 | 000,002,226 | ---- | M] () -- C:\Users\***\Desktop\Example_noise_and_tone_drums.ftm.bak
[2012.01.19 21:48:11 | 000,002,226 | ---- | M] () -- C:\Users\***\Desktop\Example_noise_and_tone_drums.ftm
[2012.01.19 13:59:12 | 000,794,521 | ---- | M] () -- C:\Users\***\Desktop\ft_v037.zip
[2012.01.19 11:48:56 | 367,523,488 | ---- | M] () -- C:\Users\***\Desktop\craig.ferguson.2012.01.18.hdtv.xvid-fqm.avi
[2012.01.18 12:24:43 | 366,921,888 | ---- | M] () -- C:\Users\***\Desktop\Craig.Ferguson.2012.01.17.Colin.Firth.HDTV.XviD-FQM.avi
[2012.01.14 15:31:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.01.06 13:22:49 | 000,000,107 | ---- | M] () -- C:\Users\***\Desktop\dradiowissen.m3u
[2012.01.06 13:22:37 | 000,000,107 | ---- | M] () -- C:\Users\***\Desktop\dkultur.m3u
[2012.01.06 13:16:33 | 000,000,099 | ---- | M] () -- C:\Users\***\Desktop\dlf.m3u
 
========== Files Created - No Company Name ==========
 
[2012.02.04 21:28:02 | 000,201,293 | ---- | C] () -- C:\ubnldr.exe
[2012.02.04 21:28:02 | 000,185,012 | ---- | C] () -- C:\ubnldr
[2012.02.04 21:28:02 | 000,008,192 | ---- | C] () -- C:\ubnldr.mbr
[2012.02.04 21:27:25 | 000,002,048 | ---- | C] () -- C:\boot.catalog
[2012.02.04 21:27:25 | 000,000,200 | ---- | C] () -- C:\README.diskdefines
[2012.02.04 20:08:53 | 011,300,864 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.mdb
[2012.02.04 20:08:53 | 000,000,064 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.ldb
[2012.02.04 20:08:13 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2012.SP1c.lnk
[2012.02.04 19:14:05 | 000,000,188 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.02.04 16:55:31 | 000,181,873 | ---- | C] () -- C:\Users\***\Desktop\wpml-string-translation.1.2.9.zip
[2012.02.03 19:27:44 | 000,000,000 | ---- | C] () -- C:\Users\***\Desktop\~da_4_einseitig_gek~fg9$)4.idlk
[2012.02.03 19:27:42 | 006,897,664 | ---- | C] () -- C:\Users\***\Desktop\DA_4_einseitig_GEKÜRTZT.indd
[2012.02.03 19:22:55 | 004,029,091 | ---- | C] () -- C:\Users\***\Desktop\Archiv.zip
[2012.02.03 18:24:14 | 031,133,696 | ---- | C] () -- C:\Users\***\Desktop\wie macht man scheiß.indd
[2012.02.03 18:22:53 | 000,755,702 | ---- | C] () -- C:\Users\***\Desktop\wie macht man scheiß.pdf
[2012.02.03 18:19:57 | 000,213,553 | ---- | C] () -- C:\Users\***\Desktop\wie macht man scheiß2.jpg
[2012.02.03 12:41:03 | 001,036,116 | ---- | C] () -- C:\Users\***\Desktop\sitepress-multilingual-cms.2.4.2.zip
[2012.02.03 12:29:09 | 001,161,174 | ---- | C] () -- C:\Users\***\Desktop\Gemaboy***.jpg
[2012.02.03 09:24:41 | 1428,451,328 | ---- | C] () -- C:\Users\***\Desktop\ju98ru2srjkh4.avi
[2012.02.02 18:16:22 | 000,162,933 | ---- | C] () -- C:\Users\***\Desktop\2011_Rechnung_248_Dez.pdf
[2012.02.02 18:16:22 | 000,160,534 | ---- | C] () -- C:\Users\***\Desktop\2011_Rechnung_246_Nov.pdf
[2012.02.02 18:16:22 | 000,160,453 | ---- | C] () -- C:\Users\***\Desktop\2012_Rechnung_249_Jan.pdf
[2012.02.02 12:24:05 | 004,655,786 | ---- | C] () -- C:\Users\***\Desktop\wordpress-3.3.1-de_DE.zip
[2012.02.02 12:22:49 | 797,794,304 | ---- | C] () -- C:\Users\***\Desktop\ewcodjwo8hsji.avi
[2012.02.02 12:06:59 | 000,499,622 | ---- | C] () -- C:\Users\***\Desktop\*** *** - Diplom-Slide-2.jpg
[2012.02.02 12:06:36 | 000,282,912 | ---- | C] () -- C:\Users\***\Desktop\*** *** - Diplom-Slide-1.jpg
[2012.02.01 21:04:55 | 006,241,040 | ---- | C] () -- C:\Users\***\Desktop\DejaVu-Serif-fontfacekit.zip
[2012.02.01 16:34:40 | 000,124,071 | ---- | C] () -- C:\Users\***\Desktop\***-***-digitised-drawing-in-CAD-application.jpg
[2012.01.27 08:18:08 | 002,321,734 | ---- | C] () -- C:\Users\***\Desktop\2155656_700b.jpg
[2012.01.25 21:46:19 | 000,050,233 | ---- | C] () -- C:\Users\***\Desktop\LaN_shelling_0.6.0059.zip
[2012.01.25 21:30:37 | 000,000,051 | ---- | C] () -- C:\Users\***\Desktop\Schuhleisten_20120125.3dm.rhl
[2012.01.25 21:30:09 | 000,292,098 | ---- | C] () -- C:\Users\***\Desktop\Schuhleisten_20120125.3dm
[2012.01.22 20:31:27 | 000,008,249 | ---- | C] () -- C:\Users\***\Desktop\de_DE.po
[2012.01.22 20:25:09 | 000,008,093 | ---- | C] () -- C:\Users\***\Desktop\en_EN.po
[2012.01.22 20:24:06 | 000,001,105 | ---- | C] () -- C:\Users\***\Desktop\Zip Uncompressor.lnk
[2012.01.22 20:23:40 | 000,549,896 | ---- | C] () -- C:\Users\***\Desktop\ADLSoft_UnCompressor_triple_2nd_offer_0412_s.exe
[2012.01.19 21:48:25 | 000,002,226 | ---- | C] () -- C:\Users\***\Desktop\Example_noise_and_tone_drums.ftm.bak
[2012.01.19 21:48:09 | 000,002,226 | ---- | C] () -- C:\Users\***\Desktop\Example_noise_and_tone_drums.ftm
[2012.01.19 13:59:10 | 000,794,521 | ---- | C] () -- C:\Users\***\Desktop\ft_v037.zip
[2012.01.07 11:41:12 | 000,001,014 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.06 13:22:49 | 000,000,107 | ---- | C] () -- C:\Users\***\Desktop\dradiowissen.m3u
[2012.01.06 13:22:36 | 000,000,107 | ---- | C] () -- C:\Users\***\Desktop\dkultur.m3u
[2012.01.06 13:16:32 | 000,000,099 | ---- | C] () -- C:\Users\***\Desktop\dlf.m3u
[2011.12.26 06:10:32 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2011.11.27 18:21:35 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll
[2011.11.16 10:19:24 | 000,244,736 | ---- | C] () -- C:\Program Files (x86)\JRuler.exe
[2011.09.16 19:30:17 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.09.06 14:29:22 | 000,320,512 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2011.09.06 14:29:22 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.06.22 21:04:51 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.06.16 00:56:28 | 000,005,632 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.15 22:15:36 | 000,695,578 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2011.06.15 22:15:36 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2011.06.13 13:28:10 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\myron_ezcam.dll
[2011.06.13 13:28:10 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\DSVL.dll
[2011.06.13 12:57:23 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.11 16:44:44 | 000,006,599 | ---- | C] () -- C:\Users\***\AppData\Local\backup.vtp
[2011.06.10 20:34:47 | 000,000,102 | R--- | C] () -- C:\Windows\OEM.ini
[2011.06.10 20:33:16 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.06.10 20:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.10 20:03:20 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.11.26 20:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2011.08.19 10:13:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\3v
[2011.07.13 16:14:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2011.09.18 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.06.12 17:01:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.02.04 22:28:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.02.04 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.06.12 17:46:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2011.08.25 15:12:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2011.06.14 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grasshopper
[2011.10.03 10:48:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.11.15 11:58:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.06.11 13:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.07.08 09:19:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.06.11 09:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.06.15 21:55:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2011.12.26 06:10:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pics
[2011.06.12 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Processing
[2011.06.11 16:44:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite
[2011.06.16 00:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.08.17 19:17:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.06.11 09:58:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.10.07 10:09:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Thanks in advance for your help! Roderic S.

markusg 05.02.2012 11:50

Hi,
Restart, press F8 and choose Safe Mode with Networking; there you will have internet access and can work.
In the script, replace *** with your username so that it runs.


This script, and any scripts that follow, are only for the user in question.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [Firefox helper] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Please press the http://larusso.trojaner-board.de/Images/windows.jpg + E keys.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)

Roderic_Sch 05.02.2012 13:36

Many thanks for the quick help!

The infected user account is working normally again.

Still, I am now afraid to use Firefox. What caused it? What did it have to do with Firefox? Or is it just a sneaky trick by the virus writers to name their malware after trustworthy programs?

What should I do next?

Best regards, Roderic.

Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Firefox helper deleted successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 41620 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ***
->Flash cache emptied: 47748 bytes
 
User: Public
 
User: User
->Flash cache emptied: 46680 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 2693969250 bytes
->Temporary Internet Files folder emptied: 23357473 bytes
->Java cache emptied: 5391404 bytes
->FireFox cache emptied: 835356993 bytes
->Google Chrome cache emptied: 70169908 bytes
->Opera cache emptied: 38981322 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: User
->Temp folder emptied: 49053962 bytes
->Temporary Internet Files folder emptied: 279610 bytes
->FireFox cache emptied: 225048000 bytes
->Opera cache emptied: 17830103 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1056968752 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 5962791106 bytes
 
Total Files Cleaned = 10.471,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 02052012_132218

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


markusg 05.02.2012 16:37

Yes, that is exactly it.
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download ComboFix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool

    A guide and tutorial on using ComboFix
  • Note:
    Make sure all your antivirus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.
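
The entry that markusg's OTL script removes, a "Firefox helper" Run value pointing at a firefox.exe under AppData with no publisher, is exactly the masquerading Roderic asks about: the name borrows a trusted program, but the path and the missing version info give it away. As an added example, not part of this thread and not code from OTL or Trojaner-Board, the Python script below parses OTL "O4" Run lines and flags the same signals an analyst checks by eye: no publisher, a user-writable directory, a well-known binary name outside its usual install folder, and a per-user Run key. The sample lines are taken from the log above with the username replaced by the constructed name "victim"; the Dropbox Run line and the expected-directory table are assumptions made for this example.

```python
"""Triage OTL 'O4' autostart lines for masquerading binaries (added example)."""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Matches the O4 Run lines OTL prints, e.g.
#   O4 - HKCU..\Run: [Firefox helper] C:\Users\x\AppData\Local\Mozilla\Firefox\firefox.exe ()
#   O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
# The publisher is the last parenthesised group; the non-greedy path lets
# "Program Files (x86)" pass through untouched.
O4_RUN_RE = re.compile(
    r"^O4(?::64bit:)?\s*-\s*(?P<hive>HK[A-Z]+)\.\.\\Run:\s*"
    r"\[(?P<name>[^\]]*)\]\s*(?P<path>.+?)\s*\((?P<publisher>[^)]*)\)\s*$"
)

# Directories any logged-on user can write to. Legitimate software (Dropbox,
# Chrome) lives here too, so this is a signal, not a verdict.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)

# Parent directory in which the genuine binary of that name is expected.
# Assumption for this example: the log's CHR plugin lines show Firefox
# installed under "Mozilla Firefox", and its Winlogon Shell entries show
# explorer.exe under C:\Windows and C:\Windows\SysWow64.
EXPECTED_PARENT = {
    "firefox.exe": {"mozilla firefox"},
    "explorer.exe": {"windows", "syswow64"},
}


@dataclass
class AutostartEntry:
    hive: str
    name: str
    path: str
    publisher: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Return an AutostartEntry for an O4 Run line, or None for anything else."""
    m = O4_RUN_RE.match(line.strip())
    if not m:
        return None
    return AutostartEntry(m["hive"], m["name"], m["path"], m["publisher"].strip())


def assess(entry):
    """Attach the reasons this entry deserves a closer look; none means benign-looking."""
    binary = PureWindowsPath(entry.path)
    exe = binary.name.lower()
    parent = binary.parent.name.lower()
    if not entry.publisher:
        entry.reasons.append("no publisher/version info")
    if USER_WRITABLE_RE.search(entry.path):
        entry.reasons.append("runs from a user-writable directory")
    if exe in EXPECTED_PARENT and parent not in EXPECTED_PARENT[exe]:
        entry.reasons.append(f"{exe} outside its usual install directory")
    # A per-user Run key needs no admin rights to plant; only worth noting
    # when something else already looks off.
    if entry.hive == "HKCU" and entry.reasons:
        entry.reasons.append("per-user Run key (no admin rights needed to plant it)")
    return entry


def triage(log_text):
    """Return {entry name: reasons} for every O4 Run line with at least one reason."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and assess(entry).reasons:
            findings[entry.name] = entry.reasons
    return findings


# Constructed sample: the four Run lines from the OTL log above with the
# username replaced, plus an assumed Dropbox Run line to show that a
# user-writable path alone is only a weak signal.
SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Firefox helper] C:\Users\victim\AppData\Local\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [Dropbox] C:\Users\victim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_OTL).items():
        print(f"[{name}]")
        for reason in reasons:
            print(f"  - {reason}")
```

Run as-is it reports "Firefox helper" with all four reasons and "Dropbox" with only the two weak ones, while the three vendor-signed HKLM entries stay silent; the reason list, not a yes/no, is what you want in a triage tool, because the analyst still has to decide (as markusg did) which entry goes into the :Files section of the fix.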

Roderic_Sch 05.02.2012 19:01

ComboFix says:

Code:

ComboFix 12-02-05.02 - *** 05.02.2012  18:42:04.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3957.2432 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\***\AppData\Roaming\3v
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-05 bis 2012-02-05  ))))))))))))))))))))))))))))))
.
.
2012-02-05 13:28 . 2012-02-05 13:28        709968        ----a-w-        c:\windows\isRS-000.tmp
2012-02-05 12:22 . 2012-02-05 12:37        --------        d-----w-        C:\_OTL
2012-02-05 10:53 . 2012-02-05 12:10        --------        d-----w-        c:\users\User\AppData\Roaming\Notepad++
2012-02-04 20:28 . 2012-02-04 20:28        201293        ----a-w-        C:\ubnldr.exe
2012-02-04 20:03 . 2012-02-04 20:28        --------        d-----w-        C:\preseed
2012-02-04 20:03 . 2012-02-04 20:28        --------        d-----w-        C:\casper
2012-02-04 20:03 . 2012-02-04 20:27        --------        d-----w-        C:\boot
2012-02-04 20:03 . 2012-02-04 20:27        --------        d-----w-        C:\.disk
2012-02-04 20:03 . 2012-02-04 20:26        --------        d-----w-        C:\pics
2012-02-04 20:03 . 2012-02-04 20:26        --------        d-----w-        C:\isolinux
2012-02-04 20:03 . 2012-02-04 20:26        --------        d-----w-        C:\install
2012-02-04 20:03 . 2012-02-04 20:26        --------        d-----w-        C:\dists
2012-02-04 20:03 . 2012-02-04 20:03        --------        d-----w-        C:\pool
2012-02-04 20:03 . 2012-02-04 20:28        --------        d-----w-        C:\unetbtin
2012-02-04 19:07 . 2012-02-04 19:07        --------        d-----w-        c:\program files\SiSoftware
2012-01-22 19:30 . 2012-01-22 19:30        --------        d-----w-        c:\program files (x86)\Poedit
2012-01-22 19:26 . 2012-02-03 19:26        --------        d-----w-        c:\program files (x86)\DealPly
2012-01-22 19:25 . 2012-01-22 19:26        --------        d-----w-        c:\program files (x86)\Zip Uncompressor
2012-01-22 19:24 . 2012-01-22 19:24        --------        d-----w-        c:\users\***\Zip Uncompressor
2012-01-14 14:33 . 2012-01-14 14:33        --------        d-----w-        c:\windows\Sun
2012-01-14 14:31 . 2012-01-14 14:31        --------        d-----w-        c:\windows\system32\Macromed
2012-01-06 19:18 . 2011-12-21 07:42        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 19:18 . 2011-12-21 04:29        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-06 19:18 . 2011-12-21 04:29        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-06 19:18 . 2011-12-21 04:29        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 14:31 . 2011-06-10 20:20        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-26 05:10 . 2011-12-26 05:10        330240        ----a-w-        c:\windows\PICSUninstall.exe
2011-11-28 14:30 . 2011-11-28 14:30        868848        ----a-w-        c:\windows\system32\drivers\sptd.sys
2011-11-19 11:14 . 2011-11-19 11:14        43680        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2011-11-19 11:14 . 2011-11-19 11:14        314016        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2011-06-29 15:45 . 2011-06-29 15:45        11776        ----a-w-        c:\program files (x86)\pixie.exe
2007-08-27 16:15 . 2011-11-16 09:19        244736        ----a-w-        c:\program files (x86)\JRuler.exe
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2010-3-2 2417664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\Protector Suite\psqlpwd.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CLNUIDriver;CLNUIDriver;c:\windows\system32\DRIVERS\CLNUIDriver.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe [2009-01-05 95896]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2010-01-22 32256]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1811895510-1651897561-911722450-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 10:43]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1811895510-1651897561-911722450-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 10:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-10-29 17:08        5948168        ----a-w-        c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-10-29 17:08        5948168        ----a-w-        c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 9057608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3536867757C6: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3575C414E4: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\5416379724F687D2637324134393: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{9D958B33-6A54-4D8A-BA07-B7813E7A9442}: NameServer = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qho5ph94.default\
.
- - - - Removed Orphaned Registry Entries - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FileZilla Client - c:\program files (x86)\FileZilla FTP Client\uninstall.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-1811895510-1651897561-911722450-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*})\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-02-05  18:53:05 - PC was rebooted
ComboFix-quarantined-files.txt  2012-02-05 17:53
.
Pre-Run: 19 directory(ies), 106.562.527.232 bytes free
Post-Run: 24 directory(ies), 106.444.759.040 bytes free
.
- - End Of File - - 3FFEAD8F996A4F46646D10FC70A594B8


markusg 05.02.2012 19:35

Do you happen to be located in the USA?
Whois lookup
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3575C414E4 : NameServer = 156.154.70.25,156.154.71.25

Roderic_Sch 05.02.2012 19:40

No - Berlin.

markusg 05.02.2012 19:44

Start > Programs > Accessories > Notepad, paste this in:

Killall::
DDS::
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3536867757C6: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3575C414E4: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\5416379724F687D2637324134393: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{9D958B33-6A54-4D8A-BA07-B7813E7A9442}: NameServer = 156.154.70.25,156.154.71.25


Save the file as: location = the folder where ComboFix is, type = All Files, name:
cfscript.txt
Drag cfscript onto ComboFix; the program starts. Post the log.
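
As an added example (not part of this thread and not code from ComboFix or DDS), here is the check the helper made by eye in the two posts above, as a script: parse the `TCP:` lines of a DDS/ComboFix log, report every interface whose static NameServer differs from the DHCP-assigned resolver, list the foreign resolver IPs that are worth a whois lookup, and build the `DDS::` part of a CFScript from exactly those log lines. The sample log text is constructed from the lines in this thread plus one made-up interface whose NameServer matches DHCP; the function names are my own.

```python
import re

# Constructed sample (not the user's full log): the DHCP-assigned resolver plus
# three interface entries; the first two override it, the third matches it.
SAMPLE_LOG = r"""
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3575C414E4 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{9D958B33-6A54-4D8A-BA07-B7813E7A9442}: NameServer = 192.168.2.1
"""

# DDS prints the DHCP-supplied resolvers once, and one line per interface
# (and per sub-key) that carries a static NameServer value.
DHCP_RE = re.compile(r"^TCP:\s+DhcpNameServer\s*=\s*(?P<ns>[\d.,]+)\s*$")
IFACE_RE = re.compile(
    r"^TCP:\s+(?P<key>Interfaces\\\S+?)\s*:\s*NameServer\s*=\s*(?P<ns>[\d.,]+)\s*$"
)


def parse_tcp_section(log_text):
    """Return (dhcp_servers, entries) from the DDS 'TCP:' lines.

    dhcp_servers: resolver IPs from the DhcpNameServer line ([] if absent).
    entries:      (interface_key, [ips], original_line) for every static
                  NameServer value, in log order.
    """
    dhcp = []
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DHCP_RE.match(line)
        if m:
            dhcp = m.group("ns").split(",")
            continue
        m = IFACE_RE.match(line)
        if m:
            entries.append((m.group("key"), m.group("ns").split(","), line))
    return dhcp, entries


def suspicious_overrides(log_text):
    """Entries whose static resolvers differ from the DHCP-assigned set.

    A static NameServer equal to the DHCP set is harmless; one pointing
    elsewhere is what the helper spotted.  If there is no DhcpNameServer line
    at all, every static entry is reported so nothing is silently accepted.
    """
    dhcp, entries = parse_tcp_section(log_text)
    dhcp_set = set(dhcp)
    return [e for e in entries if not dhcp_set or set(e[1]) != dhcp_set]


def foreign_resolvers(log_text):
    """Sorted, de-duplicated resolver IPs that appear only in overrides.

    These are the addresses to run through whois (as the helper did) before
    deciding whether the override is a hijack or a deliberate setting.
    """
    dhcp, _ = parse_tcp_section(log_text)
    ips = set()
    for _, servers, _ in suspicious_overrides(log_text):
        ips.update(servers)
    return sorted(ips - set(dhcp))


def cfscript_dds_block(log_text):
    """Build the 'DDS::' section of a CFScript from the flagged log lines.

    The lines are reused verbatim as DDS printed them, which is the form the
    helper's script above uses; with nothing flagged only the header remains.
    """
    lines = ["DDS::"]
    lines.extend(line for _, _, line in suspicious_overrides(log_text))
    return "\n".join(lines)


if __name__ == "__main__":
    for key, ips, _ in suspicious_overrides(SAMPLE_LOG):
        print(f"override on {key}: {','.join(ips)}")
    print("resolvers to whois:", ", ".join(foreign_resolvers(SAMPLE_LOG)))
    print(cfscript_dds_block(SAMPLE_LOG))
```

A static resolver that differs from the DHCP one is a lead, not a verdict: users and security suites also set public resolvers on purpose, which is why the ownership check on the IPs comes before any removal.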

Roderic_Sch 05.02.2012 20:08

Done. I'd really like to know what I just did there ... why did you ask me whether I'm in the USA? (When I test myself = Arcor, Berlin, Germany)

Code:

ComboFix 12-02-05.02 - *** 05.02.2012  19:50:04.2.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3957.2571 [GMT 1:00]
Running from:: c:\users\***\Desktop\ComboFix.exe
Command switches used :: c:\users\***\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Files Created from 2012-01-05 to 2012-02-05  ))))))))))))))))))))))))))))))
.
.
2012-02-05 18:55 . 2012-02-05 18:55        --------        d-----w-        c:\users\User\AppData\Local\temp
2012-02-05 18:55 . 2012-02-05 18:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-05 12:22 . 2012-02-05 12:37        --------        d-----w-        C:\_OTL
2012-02-05 10:53 . 2012-02-05 12:10        --------        d-----w-        c:\users\User\AppData\Roaming\Notepad++
2012-02-04 20:28 . 2012-02-04 20:28        201293        ----a-w-        C:\ubnldr.exe
2012-02-04 20:03 . 2012-02-04 20:28        --------        d-----w-        C:\preseed
2012-02-04 20:03 . 2012-02-04 20:28        --------        d-----w-        C:\casper
2012-02-04 20:03 . 2012-02-04 20:27        --------        d-----w-        C:\boot
2012-02-04 20:03 . 2012-02-04 20:27        --------        d-----w-        C:\.disk
2012-02-04 20:03 . 2012-02-04 20:26        --------        d-----w-        C:\pics
2012-02-04 20:03 . 2012-02-04 20:26        --------        d-----w-        C:\isolinux
2012-02-04 20:03 . 2012-02-04 20:26        --------        d-----w-        C:\install
2012-02-04 20:03 . 2012-02-04 20:26        --------        d-----w-        C:\dists
2012-02-04 20:03 . 2012-02-04 20:03        --------        d-----w-        C:\pool
2012-02-04 20:03 . 2012-02-04 20:28        --------        d-----w-        C:\unetbtin
2012-02-04 19:07 . 2012-02-04 19:07        --------        d-----w-        c:\program files\SiSoftware
2012-01-22 19:30 . 2012-01-22 19:30        --------        d-----w-        c:\program files (x86)\Poedit
2012-01-22 19:26 . 2012-02-03 19:26        --------        d-----w-        c:\program files (x86)\DealPly
2012-01-22 19:25 . 2012-01-22 19:26        --------        d-----w-        c:\program files (x86)\Zip Uncompressor
2012-01-22 19:24 . 2012-01-22 19:24        --------        d-----w-        c:\users\***\Zip Uncompressor
2012-01-14 14:33 . 2012-01-14 14:33        --------        d-----w-        c:\windows\Sun
2012-01-14 14:31 . 2012-01-14 14:31        --------        d-----w-        c:\windows\system32\Macromed
2012-01-06 19:18 . 2011-12-21 07:42        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 19:18 . 2011-12-21 04:29        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-06 19:18 . 2011-12-21 04:29        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-06 19:18 . 2011-12-21 04:29        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 18:10 . 2011-05-02 18:36        285256        ----a-w-        c:\windows\SysWow64\guard32.dll
2012-02-05 18:10 . 2011-05-02 18:36        363560        ----a-w-        c:\windows\system32\guard64.dll
2012-02-05 18:10 . 2011-05-07 14:17        92688        ----a-w-        c:\windows\system32\drivers\inspect.sys
2012-02-05 18:10 . 2011-05-02 18:36        41712        ----a-w-        c:\windows\system32\drivers\cmdhlp.sys
2012-02-05 18:10 . 2011-05-02 18:36        252344        ----a-w-        c:\windows\system32\drivers\cmdGuard.sys
2012-02-05 18:10 . 2011-05-02 18:36        16016        ----a-w-        c:\windows\system32\drivers\cmderd.sys
2012-01-14 14:31 . 2011-06-10 20:20        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-26 05:10 . 2011-12-26 05:10        330240        ----a-w-        c:\windows\PICSUninstall.exe
2011-11-28 14:30 . 2011-11-28 14:30        868848        ----a-w-        c:\windows\system32\drivers\sptd.sys
2011-11-19 11:14 . 2011-11-19 11:14        43680        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2011-11-19 11:14 . 2011-11-19 11:14        314016        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2011-06-29 15:45 . 2011-06-29 15:45        11776        ----a-w-        c:\program files (x86)\pixie.exe
2007-08-27 16:15 . 2011-11-16 09:19        244736        ----a-w-        c:\program files (x86)\JRuler.exe
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-02-05_17.49.07  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-02-05 18:16        42312              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-05 18:16        36796              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-10 18:54 . 2012-02-05 18:16        10028              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1811895510-1651897561-911722450-1000_UserData.bin
+ 2011-06-10 18:49 . 2012-02-05 18:14        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-10 18:49 . 2012-02-05 12:28        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-05 12:32 . 2012-02-05 12:28        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-05 12:32 . 2012-02-05 18:14        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-05 12:28        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-05 18:14        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-10 19:45 . 2012-02-05 12:29        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-10 19:45 . 2012-02-05 18:14        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-10 19:45 . 2012-02-05 18:14        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-10 19:45 . 2012-02-05 12:29        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-10 19:45 . 2012-02-05 12:29        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-10 19:45 . 2012-02-05 18:14        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-10 19:45 . 2012-02-05 12:29        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-10 19:45 . 2012-02-05 18:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-10 19:45 . 2012-02-05 18:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-10 19:45 . 2012-02-05 12:29        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-05 17:48 . 2012-02-05 17:48        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-05 18:56 . 2012-02-05 18:56        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-05 18:56 . 2012-02-05 18:56        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-05 17:48 . 2012-02-05 17:48        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-12 08:23 . 2012-02-05 18:56        196866              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-02-05 18:18        651648              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-05 16:20        651648              c:\windows\system32\perfh009.dat
- 2011-04-12 07:43 . 2012-02-05 16:20        696370              c:\windows\system32\perfh007.dat
+ 2011-04-12 07:43 . 2012-02-05 18:18        696370              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-02-05 18:18        120580              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-05 16:20        120580              c:\windows\system32\perfc009.dat
- 2011-04-12 07:43 . 2012-02-05 16:20        147634              c:\windows\system32\perfc007.dat
+ 2011-04-12 07:43 . 2012-02-05 18:18        147634              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-02-05 18:55        384116              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-05 17:47        384116              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-28 19:23 . 2012-02-05 17:47        1017048              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-28 19:23 . 2012-02-05 18:55        1017048              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2010-3-2 2417664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\Protector Suite\psqlpwd.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CLNUIDriver;CLNUIDriver;c:\windows\system32\DRIVERS\CLNUIDriver.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe [2009-01-05 95896]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2010-01-22 32256]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1811895510-1651897561-911722450-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 10:43]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1811895510-1651897561-911722450-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 10:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-10-29 17:08        5948168        ----a-w-        c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-10-29 17:08        5948168        ----a-w-        c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-02-05 9048392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3536867757C6: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3575C414E4: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\5416379724F687D2637324134393: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{9D958B33-6A54-4D8A-BA07-B7813E7A9442}: NameServer = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qho5ph94.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1811895510-1651897561-911722450-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*})\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-02-05  20:00:46 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-05 19:00
ComboFix2.txt  2012-02-05 17:53
.
Pre-Run: 23 directory(ies), 106.286.231.552 bytes free
Post-Run: 23 directory(ies), 106.124.992.512 bytes free
.
- - End Of File - - B1876B9A3CEF68139A0A41DA9EB9544C


markusg 05.02.2012 20:43

Somehow that didn't quite work; I'll have to take another look at it.
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan is finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report afterwards under "Logs".
edit: I'm being silly, the IPs belong to Comodo.
So no worries, and carry on with Malwarebytes.
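The resolver addresses markusg first flagged and then cleared are the kind of entry a log reviewer checks on every DDS/ComboFix log: a static per-interface NameServer that overrides what DHCP handed out is the classic DNS-changer footprint, so the question is always whether the addresses are a known resolver. The following Python script is an added example, not part of the thread and not code from any of the tools mentioned. It parses the TCP: lines exactly as they appear in the ComboFix log above (the sample is copied from it) and classifies each resolver against an allowlist that is assumed here: the two Comodo Secure DNS entries come from markusg's correction, the Google entries are added as further well-known public resolvers. Nothing is looked up over the network.

```python
import ipaddress
import re

# Constructed sample: the resolver lines of a DDS/ComboFix log, copied from
# the log posted in this thread (one unrelated line included on purpose).
SAMPLE_LOG = """\
uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\\{20088A85-CDD9-4C61-8079-D64626F98B76}: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\\{9D958B33-6A54-4D8A-BA07-B7813E7A9442}: NameServer = 156.154.70.25,156.154.71.25
"""

# Assumed allowlist maintained by the analyst. The Comodo entries are the
# addresses markusg identified in the thread; the Google entries are added here.
KNOWN_RESOLVERS = {
    "156.154.70.25": "Comodo Secure DNS",
    "156.154.71.25": "Comodo Secure DNS",
    "8.8.8.8": "Google Public DNS",
    "8.8.4.4": "Google Public DNS",
}

_TCP_LINE = re.compile(r"^TCP:\s+(?P<key>.+?)\s*=\s*(?P<val>.+?)\s*$")


def parse_nameservers(log_text):
    """Return [(source, ip)] for every resolver address in the log.

    source is "dhcp" for the DhcpNameServer line and the interface key
    (GUID, plus any sub-key) for static per-interface NameServer values.
    Static values override what DHCP handed out, which is why DNS-changing
    malware writes exactly these per-interface keys.
    """
    found = []
    for line in log_text.splitlines():
        m = _TCP_LINE.match(line)
        if not m:
            continue
        key, val = m.group("key"), m.group("val")
        if key == "DhcpNameServer":
            source = "dhcp"
        elif key.startswith("Interfaces\\") and key.endswith(": NameServer"):
            source = key[len("Interfaces\\"):-len(": NameServer")]
        else:
            continue
        for ip in val.split(","):
            ip = ip.strip()
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                continue  # not an address; skip rather than guess
            found.append((source, ip))
    return found


def classify(source, ip):
    """Label one resolver entry for triage.

    dhcp-local      router address handed out by DHCP: expected
    known:<name>    static entry on the analyst's allowlist
    static-private  static entry pointing into the LAN (e.g. manual config)
    UNKNOWN-verify  static public resolver not on the allowlist: look it up
    """
    addr = ipaddress.ip_address(ip)
    if source == "dhcp" and addr.is_private:
        return "dhcp-local"
    if ip in KNOWN_RESOLVERS:
        return "known:" + KNOWN_RESOLVERS[ip]
    if addr.is_private:
        return "static-private"
    return "UNKNOWN-verify"


def triage(log_text):
    """Return [(source, ip, label)] for every resolver found in the log."""
    return [(src, ip, classify(src, ip)) for src, ip in parse_nameservers(log_text)]


if __name__ == "__main__":
    for src, ip, label in triage(SAMPLE_LOG):
        print(f"{label:24} {ip:16} ({src})")
```

The allowlist is deliberately the analyst's responsibility: an address that is not on it is reported as "UNKNOWN-verify", not as malicious, which is exactly the step markusg skipped and then corrected.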

Roderic_Sch 05.02.2012 21:47

Malwarebytes says:

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***S-PC [Administrator]

05.02.2012 20:47:51
mbam-log-2012-02-05 (20-47-51).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444254
Time elapsed: 56 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zip Uncompressor (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files (x86)\Zip Uncompressor\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\***\Zip Uncompressor\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02052012_132218\C_Users\***\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)

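The Trojan.Ransom hit in the Malwarebytes log above is instructive: the locker was a firefox.exe sitting under the user's AppData\Local\Mozilla\Firefox, while the installed Firefox lives under Program Files. Checking well-known binary names against their expected install directories catches that pattern in any autostart or file listing. The script below is an added example, not part of the thread and not code from OTL or Malwarebytes. It first undoes OTL's quarantine prefix (C:\_OTL\MovedFiles\<timestamp>\C_Users\... back to C:\Users\...), because that is the form the path has in the log, and then compares the directory with a per-binary table of expected locations. The table, the placeholder user name "user" in place of the thread's ***, and the last sample path are assumptions.

```python
import ntpath
import re

# Assumed expected-location table for a 64-bit Windows 7 machine like the one
# in the thread; the analyst extends it. Directories are matched exactly
# (lower-case regex), so a copy in a sub-folder or in the profile does not pass.
EXPECTED_DIRS = {
    "firefox.exe": [r"c:\\program files( \(x86\))?\\mozilla firefox"],
    "chrome.exe": [
        r"c:\\program files( \(x86\))?\\google\\chrome\\application",
        # Chrome of that era also installed per user, so a profile path alone
        # is not evidence of masquerading for this binary.
        r"c:\\users\\[^\\]+\\appdata\\local\\google\\chrome\\application",
    ],
    "svchost.exe": [r"c:\\windows\\(system32|syswow64)"],
    "explorer.exe": [r"c:\\windows"],
}

# OTL moves files to C:\_OTL\MovedFiles\<MMDDYYYY_HHMMSS>\ and rewrites the
# drive "C:" of the original path as "C_", as seen in the Malwarebytes log.
_OTL_MOVED = re.compile(r"^[a-z]:\\_otl\\movedfiles\\\d{8}_\d{6}\\")


def normalize(path):
    """Lower-case a path and map an OTL quarantine path back to its origin."""
    p = path.lower()
    m = _OTL_MOVED.match(p)
    if m:
        rest = p[m.end():]
        if len(rest) > 2 and rest[1] == "_":
            rest = rest[0] + ":\\" + rest[2:]   # "c_users\..." -> "c:\users\..."
        p = rest
    return p


def check(path):
    """Return (normalized_path, verdict).

    not-checked  file name is not on the lookalike list
    expected     lookalike name inside one of its expected directories
    MASQUERADE   lookalike name anywhere else, e.g. in the user profile
    """
    p = normalize(path)
    name = ntpath.basename(p)
    if name not in EXPECTED_DIRS:
        return p, "not-checked"
    directory = ntpath.dirname(p)
    if any(re.fullmatch(pat, directory) for pat in EXPECTED_DIRS[name]):
        return p, "expected"
    return p, "MASQUERADE"


def audit(paths):
    """Return [(original, normalized, verdict)] for a list of file paths."""
    return [(orig,) + check(orig) for orig in paths]


# Constructed sample. Paths 1 and 3 are from the thread (user name replaced by
# "user"); path 2 is where the Firefox 9.0.1 (x86) listed by CCleaner would
# normally live; path 5 is an invented profile-resident svchost.exe.
SAMPLE_PATHS = [
    r"C:\_OTL\MovedFiles\02052012_132218\C_Users\user\AppData\Local\Mozilla\Firefox\firefox.exe",
    r"C:\Program Files (x86)\Mozilla Firefox\firefox.exe",
    r"c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe",
    r"C:\Windows\system32\svchost.exe",
    r"C:\Users\user\AppData\Roaming\svchost.exe",
]

if __name__ == "__main__":
    for orig, norm, verdict in audit(SAMPLE_PATHS):
        print(f"{verdict:12} {norm}")
```

Note the caveat encoded in the chrome.exe entry: "executable under AppData" is not a rule on its own, since Google Update (visible in the scheduled-tasks section of the ComboFix log) and Dropbox legitimately run from the profile. The check has to be per binary name and per expected directory, which is why the table is the part an analyst maintains.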

markusg 06.02.2012 11:01

Download CCleaner Standard:
CCleaner Download - CCleaner 3.15.1643
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
Behind every program you need, write "needed".
Behind every one you don't need, "unnecessary".
Behind those unknown to you, "unknown".
Post the list.

Roderic_Sch 06.02.2012 12:07

Since I ran ComboFix, my "Personal Safe" icon (part of Protector Suite 2009 by AuthenTec) has disappeared. I can't open or unlock it any more either.

According to AuthenTec, the corresponding archive is here:
C:\Users\[username]\AppData\Roaming\Protector Suite\psqlsa.swp

But I have no idea how to get at it. When I try to unpack it, I naturally get an error message. What is a .swp file and how can I turn it back into my "Personal Safe"?

I know this isn't your problem, but maybe you have an idea.

CCleaner:

Code:

7-Zip 9.20 (x64 edition)        Igor Pavlov        10.06.2011        4,53MB        9.20.00.0 needed
Adobe Reader X (10.1.2) - Deutsch        Adobe Systems Incorporated        15.01.2012        121,2MB        10.1.2 needed
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        12.06.2011                11.5.9.620 needed
Anti-phishing Domain Advisor        Visicom Media Inc. (Powered by Panda Security)        18.08.2011                1.0.0.1 unknown
Apple Application Support        Apple Inc.        12.06.2011        52,8MB        1.4.1 unknown
Apple Software Update        Apple Inc.        12.06.2011        2,16MB        2.1.1.116 unknown
ATI Catalyst Install Manager        ATI Technologies, Inc.        09.06.2011        22,1MB        3.0.765.0 needed
Avira AntiVir Personal - Free Antivirus        Avira GmbH        18.10.2011        70,6MB        10.2.0.704 needed
BisonCam        BisonCam        09.06.2011                9.2.1.71.1 needed
Bontago                25.12.2011                1.0 needed
Bridge Building Game                25.12.2011 needed
calibre        Kovid Goyal        12.07.2011        118,9MB        0.8.9 needed
CamStudio Lossless Codec                14.06.2011 needed
CamStudio Lossless Codec v1.4        (c) 2003 RenderSoft Software, Modifications Copyright © 2008 Jake P.        14.06.2011 needed
CamStudio OSS Desktop Recorder        CamStudio Open Source Dev Team        14.06.2011        14,9MB        2.6 Beta r294 needed
CCleaner        Piriform        05.02.2012                3.15 needed
Cisco EAP-FAST Module        Cisco Systems, Inc.        09.06.2011        1,55MB        2.2.14 unknown
Cisco LEAP Module        Cisco Systems, Inc.        09.06.2011        0,63MB        1.0.19 unknown
Cisco PEAP Module        Cisco Systems, Inc.        09.06.2011        1,24MB        1.1.6 unknown
CL NUI Platform        Code Laboratories, Inc.        19.06.2011                1.0.0.1121 needed
CodeBlocks        The Code::Blocks Team        11.06.2011                10.05 needed
COMODO Internet Security        COMODO Security Solutions Inc.        09.06.2011        135,1MB        5.4.58750.1355 needed
DAEMON Tools Lite        DT Soft Ltd        10.06.2011                4.40.2.0131 unnecessary
DealPly        DealPly        21.01.2012 unknown
DivX Web Player        DivX,Inc.        29.08.2011                1.5.0 needed
Dropbox        Dropbox, Inc.        02.02.2012                1.2.51 needed
FileZilla Client 3.5.3        FileZilla Project        11.01.2012        16,6MB        3.5.3 needed
foobar2000 v1.1.7        Peter Pawlowski        10.06.2011        7,85MB        1.1.7 needed
Foxit Reader 5.0        Foxit Corporation        11.06.2011        24,9MB        5.0.1.0527 needed
GameBox Toolbar                18.08.2011 unknown
GIMP 2.6.11        The GIMP Team        10.06.2011        106,8MB        2.6.11 needed
Google Chrome        Google Inc.        17.10.2011                16.0.912.77 needed
Grasshopper                12.06.2011 needed
Hotkey 3.2006        NoteBook        09.06.2011        4,31MB        3.20.06 needed
Intel(R) Management Engine Components        Intel Corporation        10.06.2011                6.0.0.1179 unknown
Intel(R) Open Source Computer Vision Library 1.0                11.06.2011 unknown
IrfanView (remove only)        Irfan Skiljan        14.11.2011        1,50MB        4.30 unnecessary
Java(TM) 6 Update 26        Oracle        10.06.2011        97,1MB        6.0.260 unknown
JMicron Ethernet Adapter NDIS Driver        JMicron Technology Corp.        09.06.2011                6.0.14.11 needed
JMicron Flash Media Controller Driver        JMicron Technology Corp.        09.06.2011                1.0.39.1 needed
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        04.02.2012        17,4MB        1.60.1.1000 needed
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        12.06.2011        38,8MB        4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        12.06.2011        2,94MB        4.0.30319 unknown
Microsoft .NET Framework 4 Extended        Microsoft Corporation        12.06.2011        52,0MB        4.0.30319 unknown
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        12.06.2011        10,7MB        4.0.30319 unknown
Microsoft .NET Framework 4 Multi-Targeting Pack        Microsoft Corporation        12.06.2011        83,5MB        4.0.30319 unknown
Microsoft DirectX SDK (June 2010)        Microsoft Corporation        12.06.2011                9.29.1962.0 unknown
Microsoft Games for Windows - LIVE        Microsoft Corporation        03.09.2011        10,4MB        2.0.675.0 unknown
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        03.09.2011        5,74MB        2.0.673.0 unknown
Microsoft Help Viewer 1.0        Microsoft Corporation        12.06.2011        3,97MB        1.0.30319 unknown
Microsoft SQL Server Compact 3.5 SP2 ENU        Microsoft Corporation        12.06.2011        3,39MB        3.5.8080.0 unknown
Microsoft SQL Server Compact 3.5 SP2 x64 ENU        Microsoft Corporation        12.06.2011        4,51MB        3.5.8080.0 unknown
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        11.06.2011        0,41MB        8.0.56336 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        04.07.2011        0,24MB        9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        09.06.2011        0,77MB        9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        21.06.2011        1,42MB        9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        12.06.2011        0,23MB        9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        09.06.2011        0,58MB        9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974        Microsoft Corporation        12.06.2011        0,58MB        9.0.30729.4974 unknown
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        12.06.2011        13,7MB        10.0.30319 unknown
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319        Microsoft Corporation        12.06.2011        11,0MB        10.0.30319 unknown
Microsoft Visual C++ 2010 Express - ENU        Microsoft Corporation        12.06.2011                10.0.30319 needed
Microsoft Visual C++ 8.0 Support DLLs        McNeel & Associates        10.06.2011        2,17MB        1.0.0 needed
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU        Microsoft Corporation        12.06.2011        4,29MB        10.0.30319 needed
Mobipocket Creator 4.2        Mobipocket.com        12.06.2011        16,1MB        4.2.41 needed
Mozilla Firefox 9.0.1 (x86 de)        Mozilla        05.01.2012        45,3MB        9.0.1 needed
Mozilla Thunderbird (6.0.2)        Mozilla        21.09.2011                6.0.2 (de) needed
Notepad++                10.06.2011                5.9.2 needed
OpenNI 1.0.0 for Windows (remove only)                21.06.2011 needed
OpenNI 1.1.0.41 for Windows        PrimeSense        21.06.2011        44,1MB        1.1.0.41 needed
OpenOffice.org 3.3        OpenOffice.org        10.06.2011        415MB        3.3.9567 needed
Opera 11.61        Opera Software ASA        04.02.2012                11.61.1250 needed
OrdrumboxDesktopApplication 0.9.06                19.07.2011                0.9.06 unknown
Poedit        Vaclav Slavik        21.01.2012                1.4.6 unknown
PrimeSense - NITE 1.3.1.5 for Windows        PrimeSense        21.06.2011        100,7MB        1.3.1.5 needed
PrimeSense Sensor 5.0.1.32 for Windows        PrimeSense        21.06.2011        1,45MB        5.0.1.32 needed
Protector Suite 2009        UPEK Inc.        09.06.2011        119,9MB        5.9.2.6005 needed
QuickTime        Apple Inc.        12.06.2011        73,7MB        7.69.80.9 needed
RadarSync PC Updater 2011 (driver updates and patches)        RadarSync Ltd        19.08.2011 unknown
REALTEK Wireless LAN Driver        REALTEK Semiconductor Corp.        09.06.2011                1.00.0136 needed
Scrabble3D        Heiko Tietze        24.12.2011        4,55MB        3.1.0.26 needed
SiSoftware Sandra Lite 2012.SP1c        SiSoftware        03.02.2012        94,9MB        18.28.2012.2 needed
Skype Click to Call        Skype Technologies S.A.        17.10.2011        12,6MB        5.6.8442 unknown
Skype™ 5.5        Skype Technologies S.A.        17.10.2011        17,0MB        5.5.124 needed
Sokoban YASC                24.12.2011        8,26MB needed
Synaptics Pointing Device Driver        Synaptics Incorporated        09.06.2011                14.0.3.0 needed
TeamViewer 6        TeamViewer GmbH        16.08.2011                6.0.10722 needed
UFRaw 0.18        Udi Fuchs        02.10.2011 needed
UNetbootin                03.02.2012 needed
USB Video Device        Sonix        05.09.2011                5.8.48205.104 needed
VirtualCloneDrive        Elaborate Bytes        27.11.2011 needed
VLC media player 1.1.10        VideoLAN        10.06.2011                1.1.10 needed
Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (02/16/2011 3.1.2.0)        PrimeSense        21.06.2011                02/16/2011 3.1.2.0 needed
Windows Driver Package - PrimeSense (psdrv3) PrimeSensor  (07/13/2010 3.1.0.4)        PrimeSense        21.06.2011                07/13/2010 3.1.0.4 needed
WinRAR 4.01 (64-bit)        win.rar GmbH        10.06.2011                4.01.0 needed
WinVDIG 1.0.5        Tim Molteno        12.06.2011 needed


markusg 06.02.2012 12:17

Can you reinstall it over the top? And what is the licensing situation with an upgrade, would that be free? If so, that might be worth considering.

Roderic_Sch 06.02.2012 12:26

A repair install has solved the problem.

It came as OEM software with my laptop, so an update should be no problem; as for an upgrade, I'll have to look into it.


Copyright ©2000-2025, Trojaner-Board

