Trojaner-Board


Paul24 08.12.2012 20:07

Computer locked: "POLIZEI Cybercrime Investigation Department", Ukash / Schweizerische Eidgenossenschaft
 
Hello everyone,
While comfortably watching some interesting videos I caught something. 06.12, around 23:33.
System: Win7 64 Prof, Microsoft Security Essentials (showing green...)
Some time ago I caught the "predecessor" of this problem, but that one I was able to remove easily: safe mode, removed the autostart entry, removed the file, removed the registry entries manually (also ran various antivirus software, following the instructions from this board). That worked.

After the message popped up (see picture) I immediately pressed the "PC off" button on my keyboard; to my astonishment, Windows showed the error message that not all programs could be closed. Clicked Cancel and I was back on the desktop.
Searched for the newest files in my user folder and found the images from the message, including 2 files; moved everything suspicious to the 2nd hard drive. Then went to bed reassured, because the autostart won't find the files anymore...

Next day, the disillusionment: it didn't work. Continued:
Pulled the network cable & restarted; the message still appears.
Safe mode; shuts down again right after logging in.
Logged in as user "Guest"; no message appears, but no program can be run / installed because of parental controls (I should have configured that better)

Googled today and found this thread:
http://www.trojaner-board.de/126426-...-gesperrt.html
Created and used a Reatogo-X-PE boot CD. However, after starting OTLPE I get no further, error message "target is not windows 2000 or later"

Saw this thread:
http://www.trojaner-board.de/69886-a...-beachten.html

No. 2, step 1:
Downloaded Defogger and started it under Reatogo-X-PE, error message:
Quote:

"defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:20 on 08/12/2012 (%username%)

Checking for autostart values...
HKCU\~\Run values retrieved.
Unable to open HKLM\~\Run key (2)
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-"
Closed Defogger with the X.

On my own initiative:
Logged in as user Guest and moved the copied data from the "virus" to a USB stick. After the restart the message still appears.

Started Reatogo-X-PE again to copy down the error message properly, and noticed that I had only selected the drive and not the Windows path; selected the correct folder; works.
Annoying detour (since the USB stick is not detected, tried 2 different ones) to provide the additional custom content for the scan: logged in again with the Guest user and saved the text on the hard drive. Result:
Quote:

OTL logfile created on: 12/8/2012 7:34:31 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.36% Space Free | Partition Type: NTFS
Drive I: | 279.36 Gb Total Space | 158.28 Gb Free Space | 56.66% Space Free | Partition Type: NTFS
Drive L: | 1397.26 Gb Total Space | 1046.44 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/09/12 14:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 14:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/14 14:43:18 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand] -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/15 00:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand] -- I:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009/07/20 06:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand] -- I:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/11 02:57:11 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/10 14:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 06:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/02 06:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- I:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- I:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 07:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand] -- I:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/01/18 00:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto] -- I:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/02 10:39:44 | 000,495,616 | ---- | M] (PaperCut Software International Pty Ltd) [Auto] -- I:\Program Files (x86)\PaperCut Print Logger\pcpl.exe -- (PCPrintLogger)
SRV - [2010/11/14 14:44:43 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- I:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/18 05:18:32 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- I:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 10:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- I:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- I:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 15:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- I:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/09 06:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 00:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
DRV:64bit: - [2012/01/18 00:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 00:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/10 00:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/07 12:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 12:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/01/11 22:19:32 | 000,095,744 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- I:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV:64bit: - [2010/01/07 04:31:20 | 000,075,264 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- I:\Windows\System32\drivers\NmSerial.sys -- (nmserial)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/10/29 03:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- I:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/22 10:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/10/22 10:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/10/19 12:35:40 | 000,511,104 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand] -- I:\Windows\System32\drivers\HPAF35.sys -- (AVerAF35)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 18:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\mf.sys -- (mf)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/10/21 03:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 03:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 03:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008/10/21 03:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 03:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 03:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 03:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/07/11 00:05:00 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- I:\Windows\System32\Drivers\Sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2008/07/11 00:05:00 | 000,058,664 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2008/01/09 05:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- I:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/06/25 04:42:30 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV:64bit: - [2007/06/25 04:42:30 | 000,123,432 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV:64bit: - [2007/06/25 04:42:30 | 000,031,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV:64bit: - [2007/06/25 04:42:24 | 000,144,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV:64bit: - [2007/06/25 04:42:24 | 000,125,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/06/25 04:42:24 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV:64bit: - [2007/06/25 04:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV:64bit: - [2005/09/23 16:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- I:\Windows\System32\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2007/03/16 04:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- I:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Benutzer_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\Benutzer_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKU\Benutzer_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\Benutzer_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 7D 75 40 54 C5 CA 01 [binary data]
IE - HKU\Benutzer_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Benutzer_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Guest_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\Guest_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\Guest_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 7E 77 67 F0 63 CC 01 [binary data]
IE - HKU\Guest_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: I:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: I:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: I:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: I:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: I:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: I:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: I:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: I:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/04/25 04:56:51 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Benutzer\AppData\Roaming\Mozilla\Extensions
[2010/04/25 04:56:51 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Benutzer\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - I:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\npchrome_frame.dll (Google Inc.)
O3 - HKU\Benutzer_ON_I\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\Benutzer_ON_I\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Benutzer_ON_I\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] I:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] I:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] I:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] I:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\LocalService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser.COMPUTERNAME_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser.COMPUTERNAME_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_I..\RunOnce: [mctadmin] File not found
O4 - Startup: I:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Benutzer_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Benutzer_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Benutzer_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Guest_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Guest_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Benutzer_ON_I\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Benutzer_ON_I Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Benutzer_ON_I Winlogon: Shell - (C:\Users\Benutzer\AppData\Roaming\skype.dat) - I:\Users\Benutzer\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - I:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1e4b7e75-3753-11e0-b0cb-4061867f678f}\Shell - "" = AutoRun
O33 - MountPoints2\{1e4b7e75-3753-11e0-b0cb-4061867f678f}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell - "" = AutoRun
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell\configure\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell\install\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{bd2ae546-cfa1-11e0-9d66-4061867f678f}\Shell - "" = AutoRun
O33 - MountPoints2\{bd2ae546-cfa1-11e0-9d66-4061867f678f}\Shell\AutoRun\command - "" = K:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {0E384E22-7A14-D713-B889-47180DA5640E} - Microsoft Windows Media Player
ActiveX:64bit: {205B995D-F36D-E6DD-F722-EA1F577F3844} - Themes Setup
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FCFA1537-0822-36B4-E6B4-8B3F8F86FD18} - Microsoft Windows Media Player
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: {FF3C4C33-5FEA-BC79-9BB2-7234B630DBAA} - Internet Explorer
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0E384E22-7A14-D713-B889-47180DA5640E} - Microsoft Windows Media Player
ActiveX: {205B995D-F36D-E6DD-F722-EA1F577F3844} - Themes Setup
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FCFA1537-0822-36B4-E6B4-8B3F8F86FD18} - Microsoft Windows Media Player
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: {FF3C4C33-5FEA-BC79-9BB2-7234B630DBAA} - Internet Explorer
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start 3DxWare.lnk - I:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe - (3Dconnexion, INC)
MsConfig:64bit - StartUpFolder: C:^Users^Benutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Benutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Taskplaner Engine.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: GAINWARD - hkey= - key= - I:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - I:\Windows\RaidTool\xInsIDE.exe ()
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - I:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - I:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Sony PC Companion - hkey= - key= - I:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - I:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/17 03:42:23 | 000,054,376 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\WdfLdr.sys
[2012/11/17 03:42:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\Wdfres.dll
[2012/11/17 03:41:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/11/17 03:41:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/17 03:41:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/17 03:41:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\TsUsbFlt.sys
[2012/11/17 03:41:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\rdpvideominiport.sys
[2012/11/17 03:41:46 | 000,322,560 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\aaclient.dll
[2012/11/17 03:41:46 | 000,269,312 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\aaclient.dll
[2012/11/17 03:41:46 | 000,192,000 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\rdpendp_winip.dll
[2012/11/17 03:41:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\MsRdpWebAccess.dll
[2012/11/17 03:41:46 | 000,046,592 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/11/17 03:41:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\tsgqec.dll
[2012/11/17 03:41:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/11/17 03:41:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\tsgqec.dll
[2012/11/17 03:41:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wksprtPS.dll
[2012/11/17 03:41:46 | 000,016,896 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wksprtPS.dll
[2012/11/17 03:41:45 | 005,773,824 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mstscax.dll
[2012/11/17 03:41:45 | 004,916,224 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mstscax.dll
[2012/11/17 03:41:45 | 003,174,912 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpcorets.dll
[2012/11/17 03:41:45 | 001,123,840 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mstsc.exe
[2012/11/17 03:41:45 | 001,048,064 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mstsc.exe
[2012/11/17 03:41:45 | 000,384,000 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wksprt.exe
[2012/11/17 03:41:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpudd.dll
[2012/11/17 03:41:45 | 000,228,864 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpendp_winip.dll
[2012/11/17 03:41:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\TSWbPrxy.exe
[2012/11/17 03:37:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtmled.dll
[2012/11/17 03:37:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mshtmled.dll
[2012/11/17 03:37:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2012/11/17 03:37:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll
[2012/11/17 03:37:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\url.dll
[2012/11/17 03:37:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\url.dll
[2012/11/17 03:37:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieUnatt.exe
[2012/11/17 03:37:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieUnatt.exe
[2012/11/17 03:37:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2012/11/17 03:37:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl
[2012/11/17 03:37:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\inetcpl.cpl
[2012/11/17 03:37:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll
[2012/11/17 03:37:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeeds.dll
[2012/11/17 03:37:44 | 001,800,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9.dll
[2012/11/17 03:37:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll
[2012/11/17 03:37:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript.dll
[2012/11/17 03:37:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\vbscript.dll
[2012/11/17 03:34:48 | 000,194,048 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFPlatform.dll
[2012/11/17 03:34:48 | 000,045,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFCoinstaller.dll
[2012/11/17 03:34:47 | 000,744,448 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFx.dll
[2012/11/17 03:34:47 | 000,229,888 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFHost.exe
[2012/11/17 03:34:34 | 000,000,000 | -HSD | C] -- I:\Config.Msi
[2012/11/17 03:33:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ncsi.dll
[2012/11/17 03:33:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ncsi.dll
[2012/11/17 03:33:37 | 000,246,272 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\netcorehc.dll
[2012/11/17 03:33:37 | 000,175,104 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\netcorehc.dll
[2012/11/17 03:33:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\netevent.dll
[2012/11/17 03:33:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\netevent.dll
[2012/11/17 03:33:35 | 000,226,816 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\dhcpcore6.dll
[2012/11/17 03:33:35 | 000,193,536 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\dhcpcore6.dll
[2012/11/17 03:33:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\dhcpcsvc6.dll
[2012/11/17 03:33:35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\dhcpcsvc6.dll
[2012/11/17 03:33:22 | 001,448,448 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\lsasrv.dll
[2012/11/17 03:33:22 | 000,307,200 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ncrypt.dll
[2012/11/17 03:33:22 | 000,220,160 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ncrypt.dll
[2012/11/17 03:33:06 | 000,095,744 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\synceng.dll
[2012/11/17 03:33:06 | 000,078,336 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\synceng.dll
[2011/08/11 16:53:29 | 000,625,736 | ---- | C] (How Inc.) -- I:\Program Files (x86)\Common Files\ZugoInstaller.exe

========== Files - Modified Within 30 Days ==========

[2012/12/08 13:25:25 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2012/12/08 13:24:32 | 000,001,102 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/08 13:03:19 | 000,000,004 | ---- | M] () -- I:\Users\Benutzer\AppData\Roaming\skype.ini
[2012/12/08 12:58:12 | 000,015,024 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 12:58:12 | 000,015,024 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 12:57:54 | 000,657,438 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2012/12/08 12:57:54 | 000,618,714 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2012/12/08 12:57:54 | 000,130,810 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2012/12/08 12:57:54 | 000,107,034 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2012/12/08 12:36:00 | 000,000,884 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/08 12:14:56 | 000,050,477 | ---- | M] () -- I:\Users\Guest\Desktop\Defogger.exe
[2012/12/08 12:06:10 | 000,001,106 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/06 17:47:11 | 000,540,743 | ---- | M] () -- I:\Users\Benutzer\Desktop\adwcleaner.exe
[2012/12/06 17:25:30 | 002,558,036 | ---- | M] () -- I:\Users\Benutzer\Desktop\23.mpeg
[2012/12/06 17:20:14 | 002,564,318 | ---- | M] () -- I:\Users\Benutzer\Desktop\8.mpeg
[2012/12/03 07:51:01 | 000,002,180 | ---- | M] () -- I:\Users\Benutzer\AppData\Local\recently-used.xbel
[2012/12/03 07:45:25 | 002,675,204 | ---- | M] () -- I:\Users\Benutzer\Desktop\Bicycles_Motorcycles_and_Models.pdf
[2012/12/01 17:58:30 | 004,361,879 | ---- | M] () -- I:\Users\Benutzer\Desktop\CHASSIE-MOTOR65SX02.pdf
[2012/12/01 17:51:16 | 003,786,141 | ---- | M] () -- I:\Users\Benutzer\Desktop\13_3211855_de_OM_f1cf61.pdf
[2012/11/30 16:30:29 | 000,040,637 | ---- | M] () -- I:\Users\Benutzer\Desktop\neues Kombi.JPG
[2012/11/30 05:55:16 | 000,000,081 | ---- | M] () -- I:\Users\Benutzer\AppData\Roaming\AVSMediaPlayer.m3u
[2012/11/27 17:46:46 | 002,229,515 | ---- | M] () -- I:\Users\Benutzer\Desktop\2004_RS125R.pdf
[2012/11/27 17:03:12 | 001,752,361 | ---- | M] () -- I:\Users\Benutzer\Desktop\2006_NSF100.pdf
[2012/11/17 18:13:00 | 000,001,137 | ---- | M] () -- I:\Users\Benutzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/11/17 18:04:01 | 000,000,000 | R--D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/17 18:03:41 | 000,613,112 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2012/11/11 02:57:10 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/11 02:57:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/12/08 12:55:54 | 000,050,477 | ---- | C] () -- I:\Users\Guest\Desktop\Defogger.exe
[2012/12/06 17:46:57 | 000,540,743 | ---- | C] () -- I:\Users\Benutzer\Desktop\adwcleaner.exe
[2012/12/06 17:32:58 | 000,000,004 | ---- | C] () -- I:\Users\Benutzer\AppData\Roaming\skype.ini
[2012/12/06 17:25:07 | 002,558,036 | ---- | C] () -- I:\Users\Benutzer\Desktop\23.mpeg
[2012/12/06 17:20:05 | 002,564,318 | ---- | C] () -- I:\Users\Benutzer\Desktop\8.mpeg
[2012/12/03 07:51:01 | 000,002,180 | ---- | C] () -- I:\Users\Benutzer\AppData\Local\recently-used.xbel
[2012/12/03 07:45:25 | 002,675,204 | ---- | C] () -- I:\Users\Benutzer\Desktop\Bicycles_Motorcycles_and_Models.pdf
[2012/12/01 17:58:29 | 004,361,879 | ---- | C] () -- I:\Users\Benutzer\Desktop\CHASSIE-MOTOR65SX02.pdf
[2012/12/01 17:51:15 | 003,786,141 | ---- | C] () -- I:\Users\Benutzer\Desktop\13_3211855_de_OM_f1cf61.pdf
[2012/11/30 16:30:29 | 000,040,637 | ---- | C] () -- I:\Users\Benutzer\Desktop\neues Kombi.JPG
[2012/11/27 17:46:46 | 002,229,515 | ---- | C] () -- I:\Users\Benutzer\Desktop\2004_RS125R.pdf
[2012/11/27 17:03:12 | 001,752,361 | ---- | C] () -- I:\Users\Benutzer\Desktop\2006_NSF100.pdf
[2012/11/17 03:42:24 | 000,000,003 | ---- | C] () -- I:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 03:34:47 | 000,000,003 | ---- | C] () -- I:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/11 02:57:12 | 000,000,884 | ---- | C] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/09 13:44:36 | 000,000,620 | ---- | C] () -- I:\Windows\_DC-CDI-P_v67.ini
[2012/04/09 13:44:36 | 000,000,333 | ---- | C] () -- I:\Windows\DC-CDI-P_v67.ini
[2012/02/15 14:28:04 | 000,000,013 | ---- | C] () -- I:\Users\Benutzer\AppData\Local\CO2361A2-Y320-06AD-SH33-5287B13CB100.ini
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- I:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- I:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- I:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/11 12:10:26 | 000,062,976 | ---- | C] () -- I:\Users\Benutzer\AppData\Roaming\skype.dat
[2011/09/25 14:08:59 | 000,007,635 | ---- | C] () -- I:\Users\Benutzer\AppData\Local\Resmon.ResmonCfg
[2011/09/25 13:19:51 | 001,534,724 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/10 21:06:32 | 000,007,282 | ---- | C] () -- I:\Windows\cadx2.ini
[2011/07/01 14:59:38 | 000,043,008 | ---- | C] () -- I:\Windows\SysWow64\spwini.dll
[2011/06/23 11:22:25 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/29 16:31:55 | 000,028,672 | ---- | C] () -- I:\Users\Benutzer\AppData\Local\WebpageIcons.db
[2010/07/18 05:18:57 | 000,000,000 | ---- | C] () -- I:\Windows\eDrawingOfficeAutomator.INI
[2010/07/08 12:43:49 | 000,007,103 | ---- | C] () -- I:\Windows\mgxoschk.ini
[2010/04/19 12:40:08 | 000,000,081 | ---- | C] () -- I:\Users\Benutzer\AppData\Roaming\AVSMediaPlayer.m3u
[2010/04/18 15:10:03 | 000,524,288 | ---- | C] () -- I:\Windows\SysWow64\xvidcore.dll
[2010/04/18 15:10:03 | 000,139,264 | ---- | C] () -- I:\Windows\SysWow64\xvidvfw.dll
[2010/03/19 14:41:59 | 000,068,640 | ---- | C] () -- I:\Windows\unTMV.exe
[2010/03/17 13:42:18 | 000,000,056 | -H-- | C] () -- I:\ProgramData\ezsidmv.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2007/08/21 13:46:34 | 000,059,160 | ---- | C] () -- I:\Windows\SysWow64\zlib.dll
[2007/04/27 02:43:58 | 000,120,200 | ---- | C] () -- I:\Windows\SysWow64\DLLDEV32i.dll

========== LOP Check ==========

[2012/09/27 16:27:27 | 000,000,000 | ---D | M] -- I:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2010/08/12 15:14:38 | 000,000,000 | ---D | M] -- I:\ProgramData\BVRP Software
[2010/07/18 05:42:37 | 000,000,000 | ---D | M] -- I:\ProgramData\DassaultSystemes
[2010/09/26 13:38:26 | 000,000,000 | ---D | M] -- I:\ProgramData\Delcam
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2010/07/08 12:10:08 | 000,000,000 | ---D | M] -- I:\ProgramData\MAGIX
[2010/12/08 17:04:15 | 000,000,000 | ---D | M] -- I:\ProgramData\PassMark
[2010/04/10 13:57:01 | 000,000,000 | ---D | M] -- I:\ProgramData\Pinnacle
[2010/04/10 13:44:39 | 000,000,000 | ---D | M] -- I:\ProgramData\PinnacleExtractor
[2012/01/20 14:57:30 | 000,000,000 | ---D | M] -- I:\ProgramData\Samsung
[2012/08/29 13:43:55 | 000,000,000 | ---D | M] -- I:\ProgramData\Sony
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2012/07/22 03:49:51 | 000,000,000 | ---D | M] -- I:\ProgramData\tjdmkcxtyodiojz
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2012/09/02 04:25:29 | 000,032,640 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2012/09/29 08:34:11 | 000,000,000 | -HSD | M] -- I:\$Recycle.Bin
[2010/09/10 15:31:12 | 000,000,000 | ---D | M] -- I:\CAD
[2012/11/17 18:02:59 | 000,000,000 | -HSD | M] -- I:\Config.Msi
[2010/09/26 13:41:33 | 000,000,000 | ---D | M] -- I:\dcam
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\Documents and Settings
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\Dokumente und Einstellungen
[2010/04/17 12:02:15 | 000,000,000 | ---D | M] -- I:\DynoRuns
[2010/03/16 16:31:18 | 000,000,000 | ---D | M] -- I:\Intel
[2010/04/10 14:15:31 | 000,000,000 | RH-D | M] -- I:\MSOCache
[2012/04/15 05:33:46 | 000,000,000 | ---D | M] -- I:\NVIDIA
[2011/11/04 12:28:27 | 000,000,000 | ---D | M] -- I:\PerfLogs
[2012/09/27 16:26:43 | 000,000,000 | R--D | M] -- I:\Program Files
[2012/11/07 14:58:00 | 000,000,000 | R--D | M] -- I:\Program Files (x86)
[2012/09/27 16:26:42 | 000,000,000 | -H-D | M] -- I:\ProgramData
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\Programme
[2010/03/16 16:48:37 | 000,000,000 | ---D | M] -- I:\RaidTool
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\Recovery
[2010/07/18 05:15:57 | 000,000,000 | ---D | M] -- I:\SolidWorks Data
[2010/11/14 14:44:01 | 000,000,000 | ---D | M] -- I:\SolidWorks Data (2)
[2012/12/07 13:11:27 | 000,000,000 | -HSD | M] -- I:\System Volume Information
[2012/10/18 16:30:57 | 000,000,000 | ---D | M] -- I:\temp
[2012/04/15 05:34:40 | 000,000,000 | R--D | M] -- I:\Users
[2012/12/08 11:25:59 | 000,000,000 | ---D | M] -- I:\Windows

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: %LOCALAPPDATA%\*.exe

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2010/01/26 16:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- I:\Program Files\MATLAB\MATLAB Compiler Runtime\v717\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTORV.SYS >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- I:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- I:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- I:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- I:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- I:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- I:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- I:\Windows\System32\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- I:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- I:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- I:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- I:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

Invalid Environment Variable: %USERPROFILE%\*.*

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll

Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >

How do we proceed?
Regards, Paul24
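A note on how the "< MD5 for: ... >" section of the log above is read, with an added example that is not code from this thread, from OTL or from OldTimer: OTL lists every copy of a critical system file it finds, the live one in System32, SysWOW64 or System32\drivers next to the component-store copies in WinSxS and DriverStore. A live copy whose hash matches none of the store copies, or that carries no company name, is the kind of entry a helper looks at more closely. The Python below parses that section and applies exactly that check; the USERINIT.EXE lines are copied from the log above, while the EXAMPLE.DLL section (paths, dates and hashes) is constructed to show what a mismatch looks like.

```python
import re
from collections import defaultdict

# One OTL file line: [date time | size | attrs | M] (Company) MD5=<hex> -- <path>
FILE_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
# Section header: < MD5 for: USERINIT.EXE >
SECTION = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")

# Sample input: the USERINIT.EXE section is copied from the log in this thread;
# the EXAMPLE.DLL section (paths, dates, hashes) is constructed to show a mismatch.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: EXAMPLE.DLL >
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- I:\Windows\winsxs\amd64_example_constructed\example.dll
[2012/12/06 23:31:00 | 000,030,720 | ---- | M] () MD5=22222222222222222222222222222222 -- I:\Windows\System32\example.dll
< End of report >
"""


def parse_md5_sections(text):
    """Group the file lines of each '< MD5 for: NAME >' section under NAME."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if current is None:
            continue
        m = FILE_LINE.match(line)
        if m:
            sections[current].append({
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company").strip(),
                "md5": m.group("md5").upper(),
                "path": m.group("path"),
            })
    return dict(sections)


def is_store_copy(path):
    """Copies held in the component store or the driver store serve as the reference set."""
    low = path.lower()
    return "\\winsxs\\" in low or "\\driverstore\\" in low


def find_suspect_files(sections):
    """Return (name, path, md5, reasons) for live copies that match no store copy."""
    findings = []
    for name, entries in sections.items():
        known = {e["md5"] for e in entries if is_store_copy(e["path"])}
        for e in entries:
            if is_store_copy(e["path"]):
                continue
            reasons = []
            if e["md5"] not in known:
                reasons.append("hash matches no WinSxS/DriverStore copy")
            if not e["company"]:
                reasons.append("no company name")
            if reasons:
                findings.append((name, e["path"], e["md5"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, md5, reasons in find_suspect_files(parse_md5_sections(SAMPLE_LOG)):
        print("%s: %s (MD5 %s): %s" % (name, path, md5, "; ".join(reasons)))
```

Run against the full log, only the constructed EXAMPLE.DLL entry is reported; every live userinit.exe, winlogon.exe and user32.dll copy above has a twin in WinSxS with the same hash, which is why the helper moved on to the Winlogon Shell value rather than to a patched system file.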

ryder 08.12.2012 21:43

:hallo:

I'll help you with your problem. A clean-up can involve quite a lot of work for you (and for me). Before we get started, I have some reading material for you.
Quote:

Reading material:
Rules for the clean-up
For the clean-up to work, I ask you to read the following points carefully:
  • Please work through all the steps in order. Give me feedback on each step (logfile or answer), collected together once you have done everything.
  • Only run scans that a helper asks you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the clean-up unless you are asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the logfiles directly in your thread (preferably in code tags). Do not attach them unless I ask you to or the logfile would be too large; that makes the evaluation harder for me.
  • Only obscure your name if it is absolutely necessary.
  • At the first sign of illegally used software (cracks, patches and the like), support will be discontinued without discussion.
  • If I have not replied within 3 days, then (and only then) please send me a PM.
  • One request: please keep going until I or another helper tells you that you are "clean". Courtesy alone demands that, and the disappearance of the symptoms does not mean that all the pests have really been removed.
  • Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
Once you have read and understood all of this, you can get started! :kloppen:
Read and understood?

Fix with OTLpe
Quote:

Warning: This script was written only for this user and this specific situation. Run on other computers it can cause lasting damage!
Note: If you have obscured your user name, you must put your real name back in, otherwise the script will not work.
  • Boot the infected computer from the OTLpe CD and start OTLpe.
  • If you have no internet connection:
    1. Press Windows key + R > type notepad > OK
    2. Copy the fix script into Notepad and save the file as Fix.txt
    3. Copy Fix.txt to a USB stick.
    4. Connect the stick to the infected computer and copy the file to the desktop.
  • Paste the script into the Custom Scans / Fixes field:
Code:

:OTL
O20 - HKU\Benutzer_ON_I Winlogon: Shell - (C:\Users\Benutzer\AppData\Roaming\skype.dat) - I:\Users\Benutzer\AppData\Roaming\skype.dat ()

  • Now please close all other programs.
  • Now please click the Fix button.
  • After the restart you will find a text document on your desktop. (Also found under C:\OTLpe\MovedFiles\<datum_nummer.log>)
  • Now copy its contents here into your thread, preferably in code tags.
Note: Executing the command can take several minutes, and OTLpe appears not to respond during this time. Please be patient! :kaffee:
Questions:
  • Can you boot into normal mode again now?
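For context on what that single fix line does, here is an added example that is not part of ryder's instructions and not OTL's own code: the O20 line reports the Winlogon "Shell" value of the user's hive, and Windows starts whatever that value names in place of explorer.exe at logon, which is why the lock screen came straight back after a reboot and why it did not appear for the guest account. The Python below parses O20 lines in the OTL layout, flags Shell/Userinit values that do not name the expected Windows binary, that resolve into a user-writable profile directory, or whose target carries no company name, and assembles the corresponding :OTL fix block the way the helper did by hand. The HKU line is the one from the fix script above; the two HKLM lines are constructed examples of normal entries, not taken from the log.

```python
import re

# One OTL O20 line: O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved file> (<company>)
O20_LINE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - "
    r"(?P<file>.*?) \((?P<company>[^)]*)\)\s*$"
)

# What a stock Windows 7 installation is expected to run for each Winlogon value
EXPECTED_BINARY = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Directories an ordinary user can write to; a logon shell has no business living there
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\",
                 "\\documents and settings\\", "\\temp\\")

# Sample input: the HKU line is the one from the fix script in this thread;
# the two HKLM lines are constructed examples of normal entries (not from the log).
SAMPLE_O20 = [
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)",
    r"O20 - HKU\Benutzer_ON_I Winlogon: Shell - (C:\Users\Benutzer\AppData\Roaming\skype.dat) - I:\Users\Benutzer\AppData\Roaming\skype.dat ()",
]


def parse_o20(line):
    """Split one O20 line into hive, value name, registry data, resolved file and company."""
    m = O20_LINE.match(line.strip())
    return m.groupdict() if m else None


def first_binary(data):
    """Registry data may be a comma-separated list (Userinit) or a bare name (Shell)."""
    first = data.rstrip(",").split(",")[0].strip()
    return first.rsplit("\\", 1)[-1].lower()


def audit_winlogon(lines):
    """Return one finding per O20 line whose Shell/Userinit value looks hijacked."""
    findings = []
    for line in lines:
        entry = parse_o20(line)
        if entry is None:
            continue
        reasons = []
        expected = EXPECTED_BINARY.get(entry["value"].lower())
        actual = first_binary(entry["data"])
        if expected and actual != expected:
            reasons.append("runs %s instead of %s" % (actual, expected))
        if any(hint in entry["file"].lower() for hint in USER_WRITABLE):
            reasons.append("target lies in a user-writable directory")
        if not entry["company"].strip():
            reasons.append("target carries no company name")
        if reasons:
            findings.append({
                "hive": entry["hive"],
                "value": entry["value"],
                "file": entry["file"],
                "reasons": reasons,
                "line": line.strip(),
            })
    return findings


def build_otl_fix(findings):
    """Under the :OTL header, OTLpe deletes the listed registry value and moves the file it
    points to, which is exactly what the fix above did for skype.dat."""
    return "\n".join([":OTL"] + [f["line"] for f in findings])


if __name__ == "__main__":
    hits = audit_winlogon(SAMPLE_O20)
    for hit in hits:
        print("%s %s -> %s: %s" % (hit["hive"], hit["value"], hit["file"], "; ".join(hit["reasons"])))
    print(build_otl_fix(hits))
```

Only the HKU entry is reported, for all three reasons at once, and the generated block is the fix script posted above. The per-user hive is the interesting place to look because a non-admin account can write it, which is also why the symptom is tied to one user and not to the guest account.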

Paul24 09.12.2012 09:38

Good morning

Understood and done.
Quote:

========== OTL ==========
Registry value HKEY_USERS\Benutzer_ON_I\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Benutzer\AppData\Roaming\skype.dat deleted successfully.
I:\Users\Benutzer\AppData\Roaming\skype.dat moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 12092012_092917
The PC starts again without the message.
Shortly after the desktop appears (without icons), the screen briefly flashes white.
Skype works and runs (autostart & login).

:bussi: waiting for the next task :kaffee:

ryder 09.12.2012 10:12

Okay, now let's look for the remnants.
Check scan with OTL
  • Please start OTL.exe - if you don't have it yet: LINK
  • Make sure that "Scan all users" is checked!
  • Press the Quick Scan button.
  • Post the OTL.txt here in your thread.

Paul24 09.12.2012 10:41

"Scan all users" checked.

OTL Logfile:
Code:

OTL logfile created on: 09.12.2012 10:20:33 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Benutzer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.99 Gb Total Physical Memory | 6.27 Gb Available Physical Memory | 78.43% Memory free
7.99 Gb Paging File | 6.16 Gb Available in Paging File | 77.10% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.36 Gb Total Space | 159.31 Gb Free Space | 57.03% Space Free | Partition Type: NTFS
Drive L: | 1397.26 Gb Total Space | 1045.37 Gb Free Space | 74.82% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTERNAME | User Name: Benutzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.09 10:19:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Benutzer\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.12.02 16:39:44 | 000,495,616 | ---- | M] (PaperCut Software International Pty Ltd) -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe
PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.11 08:57:11 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.12.02 16:39:44 | 000,495,616 | ---- | M] (PaperCut Software International Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe -- (PCPrintLogger)
SRV - [2010.11.14 20:44:43 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.14 20:43:18 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2010.07.18 11:18:32 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.15 06:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.01.18 06:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.01.12 04:19:32 | 000,095,744 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NmPar.sys -- (NmPar)
DRV:64bit: - [2010.01.07 10:31:20 | 000,075,264 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NmSerial.sys -- (nmserial)
DRV:64bit: - [2009.12.17 23:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.10.29 09:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.10.22 16:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.10.22 16:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009.10.19 18:35:40 | 000,511,104 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPAF35.sys -- (AVerAF35)
DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.07.14 01:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.07.14 00:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mf.sys -- (mf)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 17:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 17:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.21 09:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic)
DRV:64bit: - [2008.10.21 09:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 09:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5)
DRV:64bit: - [2008.10.21 09:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 09:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV:64bit: - [2008.10.21 09:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 09:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus)
DRV:64bit: - [2008.07.11 06:05:00 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2008.07.11 06:05:00 | 000,058,664 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2008.01.09 11:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007.06.25 10:42:30 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117unic.sys -- (s117unic)
DRV:64bit: - [2007.06.25 10:42:30 | 000,123,432 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117obex.sys -- (s117obex)
DRV:64bit: - [2007.06.25 10:42:30 | 000,031,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117nd5.sys -- (s117nd5)
DRV:64bit: - [2007.06.25 10:42:24 | 000,144,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdm.sys -- (s117mdm)
DRV:64bit: - [2007.06.25 10:42:24 | 000,125,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mgmt.sys -- (s117mgmt)
DRV:64bit: - [2007.06.25 10:42:24 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdfl.sys -- (s117mdfl)
DRV:64bit: - [2007.06.25 10:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117bus.sys -- (s117bus)
DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.03.16 10:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 7D 75 40 54 C5 CA 01  [binary data]
IE - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\..\SearchScopes,DefaultScope = {024F1068-F4C2-49D1-AF4B-07B4295E19D2}
IE - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\..\SearchScopes\{024F1068-F4C2-49D1-AF4B-07B4295E19D2}: "URL" = hxxp://www.google.ch/#hl=de&source=hp&q={searchTerms}&meta=&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=643474c47ff6d53f
IE - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\..\SearchScopes\{54A3F302-92C6-42EC-8E3A-F5265B29264F}: "URL" = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2010.04.25 10:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Extensions
[2010.04.25 10:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\npchrome_frame.dll (Google Inc.)
O3 - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Benutzer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A76FC5E4-A3B6-46F6-BF6C-833387230B66}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1172472738-2790194449-1037159881-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e4b7e75-3753-11e0-b0cb-4061867f678f}\Shell - "" = AutoRun
O33 - MountPoints2\{1e4b7e75-3753-11e0-b0cb-4061867f678f}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell - "" = AutoRun
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell\configure\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell\install\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{bd2ae546-cfa1-11e0-9d66-4061867f678f}\Shell - "" = AutoRun
O33 - MountPoints2\{bd2ae546-cfa1-11e0-9d66-4061867f678f}\Shell\AutoRun\command - "" = K:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.09 15:29:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.17 09:34:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.11 22:53:29 | 000,625,736 | ---- | C] (How Inc.) -- C:\Program Files (x86)\Common Files\ZugoInstaller.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.09 10:27:04 | 000,002,802 | ---- | M] () -- C:\Users\Benutzer\AppData\Local\recently-used.xbel
[2012.12.09 10:06:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.09 09:43:46 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 09:43:46 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 09:40:55 | 001,507,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.09 09:40:55 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.09 09:40:55 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.09 09:40:55 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.09 09:40:55 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.09 09:36:49 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.09 09:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.08 19:03:19 | 000,000,004 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\skype.ini
[2012.12.08 18:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.30 11:55:16 | 000,000,081 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\AVSMediaPlayer.m3u
[2012.11.18 00:03:41 | 000,613,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.12.06 23:32:58 | 000,000,004 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\skype.ini
[2012.12.03 13:51:01 | 000,002,180 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\recently-used.xbel
[2012.11.17 09:42:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 09:34:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.11 08:57:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.09 19:44:36 | 000,000,620 | ---- | C] () -- C:\Windows\_DC-CDI-P_v67.ini
[2012.04.09 19:44:36 | 000,000,333 | ---- | C] () -- C:\Windows\DC-CDI-P_v67.ini
[2012.02.15 20:28:04 | 000,000,013 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\CO2361A2-Y320-06AD-SH33-5287B13CB100.ini
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.25 20:08:59 | 000,007,635 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\Resmon.ResmonCfg
[2011.09.25 19:19:51 | 001,534,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.11 03:06:32 | 000,007,282 | ---- | C] () -- C:\Windows\cadx2.ini
[2011.07.01 20:59:38 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2011.03.29 22:31:55 | 000,028,672 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\WebpageIcons.db
[2010.05.11 19:28:28 | 000,000,067 | ---- | C] () -- C:\Users\Benutzer\.gtk-bookmarks
[2010.04.19 18:40:08 | 000,000,081 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\AVSMediaPlayer.m3u
[2010.03.19 22:57:39 | 000,000,680 | RHS- | C] () -- C:\Users\Benutzer\ntuser.pol
[2010.03.17 19:42:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.15 20:28:01 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\.Kanton SH
[2011.06.30 20:39:41 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\3Dconnexion
[2012.12.06 23:35:43 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Azureus
[2010.05.07 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.07.18 11:39:51 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\DassaultSystemes
[2010.09.26 19:13:36 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Delcam
[2012.12.09 09:46:51 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Dropbox
[2012.01.03 21:15:42 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\DVDVideoSoft
[2010.07.13 19:08:32 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.25 22:34:52 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\EDrawings
[2012.07.23 21:34:56 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\FileZilla
[2011.06.12 18:12:18 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Gate Lite
[2012.03.26 20:22:10 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Ghostbuster
[2012.09.26 20:21:58 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\gtk-2.0
[2011.05.19 21:35:34 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\IM
[2010.03.16 23:26:30 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Leadertech
[2010.07.08 18:18:12 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\MAGIX
[2010.12.03 22:41:33 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\ManyCam
[2011.10.25 20:03:41 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Notepad++
[2010.03.26 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\OpenOffice.org
[2012.11.07 20:58:06 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\pdfforge
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


An error message came up about 20 times during the scan; I got past each one with "Weiter" (Continue). Screenshot attached.

I closed Skype before the scan.


Addendum: I also remembered that on the evening after the infection I deleted some files from the "Prefetch" folder; they are now in the Recycle Bin. Can I send them off to nirvana for good?

ryder 09.12.2012 10:44

Before we go any further: is this a commercially used computer?

Paul24 09.12.2012 11:00

It is a home computer. I also use it for the e-mail traffic of my private one-man business (small). E-banking is done on a separate notebook.
I assume you are asking because of the installed CAD software; it is activated with a legal home-use licence, which I was able to obtain through my employer, where I am the CAD "admin".
Or is there another problem?

Regards, Paul24

ryder 09.12.2012 11:29

No, because of this:
Quote:

Reading material:
Notes: Commercially used computers
  • The help we offer here is at the user's own risk. Even though we make every effort to the best of our knowledge, there is still a risk that the computer may no longer be bootable in the course of the clean-up, or that data loss may occur. The user is responsible for backing up existing work data and, where applicable, customer data. Liability is excluded in any case by the terms of use. You have hereby been advised of this.
  • It is further pointed out that customer data may end up in the log files to be posted, for example if infected documents were named after customers. Trojaner-Board will not alter the log files afterwards or delete the thread.
  • The clean-up is free of charge for small businesses. You do, however, have the option of supporting us with a donation. :)

Then please run Combofix now:

Scan with Combofix
Quote:

WARNING:
Combofix should only be run when instructed to do so by a team member!
Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix's work.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).

Note: Should you receive the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
(English Windows wording: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

Paul24 09.12.2012 12:22

Although the MSE icon was no longer present, Combofix told me it was still running. I could not end the MSE process in Task Manager.
I then removed MSE everywhere via msconfig (Google told me to..)

Even so, after clicking "OK" the message that MSE is running appeared again.
Combofix ran through:
Combofix Logfile:
Code:

ComboFix 12-12-07.01 - Benutzer 09.12.2012  11:53:39.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.41.1031.18.8183.6263 [GMT 1:00]
ausgeführt von:: c:\users\Benutzer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Benutzer\AppData\Local\TempDIR
c:\users\Benutzer\AppData\Roaming\skype.ini
c:\users\Benutzer\Favorites\Videos.url
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-11-09 bis 2012-12-09  ))))))))))))))))))))))))))))))
.
.
2012-12-09 14:29 . 2012-12-09 14:29        --------        d-----w-        C:\_OTL
2012-12-09 10:59 . 2012-12-09 10:59        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-12-09 10:59 . 2012-12-09 10:59        --------        d-----w-        c:\users\UpdatusUser.COMPUTERNAME\AppData\Local\temp
2012-12-09 10:59 . 2012-12-09 10:59        --------        d-----w-        c:\users\Guest\AppData\Local\temp
2012-12-09 10:59 . 2012-12-09 10:59        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-12-08 19:08 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A49D5FCE-7859-4B7D-98CD-58FFB03165B0}\mpengine.dll
2012-12-07 18:11 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-29 18:26 . 2012-11-29 18:26        972264        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{869D877C-8DFF-41DE-98C5-D3CC64CA32C4}\gapaengine.dll
2012-11-17 08:42 . 2012-07-26 07:46        2560        ----a-w-        c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-17 08:42 . 2012-07-26 04:55        785512        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 08:42 . 2012-07-26 04:55        54376        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 08:42 . 2012-07-26 02:36        9728        ----a-w-        c:\windows\system32\Wdfres.dll
2012-11-17 08:37 . 2012-10-08 11:13        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-17 08:34 . 2012-07-26 03:08        84992        ----a-w-        c:\windows\system32\WUDFSvc.dll
2012-11-17 08:34 . 2012-07-26 03:08        45056        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 08:34 . 2012-07-26 03:08        194048        ----a-w-        c:\windows\system32\WUDFPlatform.dll
2012-11-17 08:34 . 2012-07-26 02:26        87040        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 08:34 . 2012-07-26 02:26        198656        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 08:34 . 2012-07-26 03:08        229888        ----a-w-        c:\windows\system32\WUDFHost.exe
2012-11-17 08:34 . 2012-07-26 03:08        744448        ----a-w-        c:\windows\system32\WUDFx.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 08:35 . 2010-04-18 20:31        66395536        ----a-w-        c:\windows\system32\MRT.exe
2012-11-11 07:57 . 2012-04-15 10:27        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-11 07:57 . 2012-04-15 10:27        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 19:23 . 2012-10-10 19:23        247144        ----a-w-        c:\windows\system32\nvinitx.dll
2012-10-10 19:23 . 2012-10-10 19:23        1867112        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23        18252136        ----a-w-        c:\windows\system32\nvd3dumx.dll
2012-10-10 19:23 . 2012-10-10 19:23        1482600        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2012-10-10 19:23 . 2012-10-10 19:23        6127464        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23        2574696        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2012-10-10 19:23 . 2012-10-10 19:23        25256296        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-10-10 19:23 . 2012-10-10 19:23        831848        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2012-10-10 19:23 . 2012-10-10 19:23        202600        ----a-w-        c:\windows\SysWow64\nvinit.dll
2012-10-10 19:23 . 2012-10-10 19:23        7414632        ----a-w-        c:\windows\system32\nvopencl.dll
2012-10-10 19:23 . 2009-10-05 10:10        2731880        ----a-w-        c:\windows\system32\nvapi64.dll
2012-10-10 19:23 . 2012-04-15 10:32        973672        ----a-w-        c:\windows\system32\nvumdshimx.dll
2012-10-10 19:23 . 2009-07-13 21:59        14922600        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-10-10 19:23 . 2012-10-10 19:23        9146728        ----a-w-        c:\windows\system32\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23        7697768        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23        2218344        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-10-10 19:23 . 2012-04-15 10:32        12501352        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 19:22 . 2012-10-10 19:22        2428776        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-10-10 19:22 . 2012-10-10 19:22        26331496        ----a-w-        c:\windows\system32\nvoglv64.dll
2012-10-10 19:22 . 2011-10-17 21:29        1760104        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-10-10 19:22 . 2009-10-05 10:10        15309160        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-10-10 19:22 . 2012-10-10 19:22        2747240        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-10-10 19:22 . 2012-10-10 19:22        19906920        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2012-10-10 19:22 . 2012-10-10 19:22        13443944        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 19:22 . 2012-10-10 19:22        17559912        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2012-10-04 20:58 . 2012-05-26 17:37        972192        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-02 19:51 . 2012-04-15 10:33        3536817        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2009-09-27 17:22        3293544        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2009-09-27 17:22        6200680        ----a-w-        c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2009-09-27 17:22        891240        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2009-09-27 17:22        63336        ----a-w-        c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2009-09-27 17:22        2557800        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2009-09-27 17:22        118120        ----a-w-        c:\windows\system32\nvmctray.dll
2012-10-02 11:15 . 2012-10-02 11:15        430952        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2012-09-20 15:02 . 2012-09-20 15:02        1832760        ----a-w-        c:\windows\system32\LogiLDA.DLL
2012-09-14 19:19 . 2012-10-18 21:24        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-18 21:24        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-07-22 05:14 . 2011-08-11 21:53        625736        ----a-w-        c:\program files (x86)\Common Files\ZugoInstaller.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Benutzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Benutzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Benutzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Benutzer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-16 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [2009-10-19 511104]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
R3 DIRECTIO;DIRECTIO;c:\program files (x86)\PerformanceTest\DirectIo.sys [x]
R3 DRHARD;DRHARD;c:\windows\system32\DRIVERS\DRHARD.SYS [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-14 1315592]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 NmPar;Unusable Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2010-01-12 95744]
R3 nmserial;PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys [2010-01-07 75264]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2008-07-11 58664]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
S2 PCPrintLogger;PaperCut Print Logger;c:\program files (x86)\PaperCut Print Logger\pcpl.exe PCPrintLogger [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2008-07-11 145448]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 07:57]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-13 20:06]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-13 20:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Benutzer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Benutzer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Benutzer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-03 9642528]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ch/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-USB_ANT_SIUSBXP_3_1&1004&0FCF - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\USB_ANT_SIUSBXP_3_1&1004&0FCF
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-09  12:07:06
ComboFix-quarantined-files.txt  2012-12-09 11:07
.
Vor Suchlauf: 16 Verzeichnis(se), 170'864'734'208 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 170'720'710'656 Bytes frei
.
- - End Of File - - 3DCB50F712D69279F1FB812B7CD5581E

--- --- ---

Restart worked without any error message.
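The policy block near the end of the quoted ComboFix log (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop all 0) is worth a second look from a defender's perspective. As an added example that is not part of the thread, here is a small Python parser for that "Autostartpunkte der Registrierung" layout that flags UAC settings turned off; the sample lines are constructed to mirror the quoted log, and the registry value names are the real Windows UAC policy values.

```python
"""Parse the autostart section of a ComboFix log (layout as quoted in the
thread) and flag UAC policy values a defender would want to review.
Added example, not part of the original post."""
import re
from typing import Dict

# Constructed sample in the ComboFix layout; values mirror the quoted log.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Skype"="c:\\program files (x86)\\Skype\\Phone\\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# [KEY] header, "Name"= N (0xN) policy line, "Name"="path" [date size] Run line
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)$')
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]$'
)

POLICY_KEY = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\system"


def parse_autostart(text: str) -> Dict[str, Dict[str, object]]:
    """Return {registry_key (lowercased): {value_name: parsed value}}."""
    result: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            result.setdefault(current, {})
            continue
        if current is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            result[current][m.group("name")] = int(m.group("val"))
            continue
        m = RUN_RE.match(line)
        if m:
            result[current][m.group("name")] = {
                "path": m.group("path"),
                "date": m.group("date"),
                "size": int(m.group("size")),
            }
    return result


def uac_findings(parsed: Dict[str, Dict[str, object]]) -> list:
    """Flag policy values that weaken or disable UAC elevation prompting."""
    pol = parsed.get(POLICY_KEY, {})
    findings = []
    if pol.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is disabled entirely")
    if pol.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: admins elevate without a prompt")
    if pol.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts not shown on the secure desktop")
    return findings


if __name__ == "__main__":
    for finding in uac_findings(parse_autostart(SAMPLE_LOG)):
        print(finding)
```

With UAC off, any program the user launches already runs with full administrator rights, which is why a lock-screen trojan like this one can disable Safe Mode and the shutdown path so easily; re-enabling UAC after cleanup is part of hardening the machine.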

ryder 09.12.2012 12:58

Good!

As far as I can see, we have removed everything malicious with that. To be sure, we still need to run a few checks. Since these can take a very long time, I ask you to write to me again only once you have really finished everything or if problems should arise.

Step 1:
Quick scan with Malwarebytes

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file that opens in Notepad here in the thread.
  • Afterwards you can find the report under "Logs".
Step 2:
ESET Online Scanner

Quote:

Important:
Please switch on any external hard drives during the online scans!
Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.

  • Please click here ---> http://larusso.trojaner-board.de/Images/eset.jpg
    • Firefox users: please download, install and start esetsmartinstaller_enu.exe.
    • IE users must allow the installation of an ActiveX element.
  • Tick the box at Yes, I accept the Terms of Use and press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives" and untick Remove found threats.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg. The signatures are downloaded and the scan starts automatically; it can take a very long time (several hours)!
When the scan has finished, please post the ESET.txt here or let me know that nothing was found.
Step 3:
Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
Step 4:
AdwCleaner: find and delete adware

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. Just tell me whether the step worked; we don't need the resulting log file.

ryder 11.12.2012 14:20

Hello, do you still need help?

If I don't receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean.

Paul24 12.12.2012 00:00

Hello Ryder

I haven't yet found a proper time for the ESET test that takes several hours. I'm still feeling a bit ill and therefore not so fit in the morning before work.
The "several hours" put me off a little; the computer is in the bedroom...
I'll manage it by the end of the week.

Regards, Paul

ryder 12.12.2012 18:19

You'll simply get the reminder again after 2 days. The scan CAN take that long, but it doesn't have to.

ryder 14.12.2012 17:08

Hello, do you still need help?

If I don't receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean.

ryder 16.12.2012 13:50

No response
This thread has been removed from my subscriptions, so I will not be notified of new replies.
PM me if you nevertheless want to continue.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread.



Copyright ©2000-2025, Trojaner-Board

