Trojaner-Board > Remove malware > Pests of all kinds and how to fight them

Pests of all kinds and how to fight them: AntiVir reports TR/ATRAPS.Gen and TR/ATRAPS.Gen2

Windows 7 If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.

17.07.2012, 16:38   #1
TT262
 
AntiVir reports TR/ATRAPS.Gen and TR/ATRAPS.Gen2



Hello everyone,
Since today AntiVir has been reporting two viruses/Trojans to me: TR/ATRAPS.Gen and TR/ATRAPS.Gen2.
According to Google, the two already seem to be well known...
I hope someone here can help me.

I have already started reading up on the topic in your forum, but every PC has its own individual log files.

I have already run OTL as described in your instructions:

OTL.Txt:
Code:
OTL logfile created on: 17.07.2012 17:11:41 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\T\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,29 Gb Available Physical Memory | 66,36% Memory free
15,95 Gb Paging File | 13,14 Gb Available in Paging File | 82,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 369,06 Gb Free Space | 79,26% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 249,63 Gb Free Space | 53,60% Space Free | Partition Type: NTFS
Drive J: | 3,91 Gb Total Space | 3,89 Gb Free Space | 99,56% Space Free | Partition Type: FAT32
 
Computer Name: TOBI-BÜRO-SR | User Name: T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\T\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (WebUpdate4) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 01 74 5E 0D 60 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..network.proxy.http: "80.58.29.174"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.04 09:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 10:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.22 12:35:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 10:05:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.28 22:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T\AppData\Roaming\mozilla\Extensions
[2012.07.16 11:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T\AppData\Roaming\mozilla\Firefox\Profiles\2fy5fkit.default\extensions
[2012.04.03 11:00:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\T\AppData\Roaming\mozilla\Firefox\Profiles\2fy5fkit.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.13 10:20:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\T\AppData\Roaming\mozilla\Firefox\Profiles\2fy5fkit.default\extensions\foxmarks@kei.com
[2012.04.26 15:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.04 11:45:25 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FY5FKIT.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.07.16 11:19:22 | 001,611,859 | ---- | M] () (No name found) -- C:\USERS\T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FY5FKIT.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.15 09:46:44 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FY5FKIT.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.26 10:05:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 10:05:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 10:05:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 10:05:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 10:05:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 10:05:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 10:05:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [fgmstart]  File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://212.89.130.140/+CSCOL+/csvrloader64.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://212.89.130.140/+CSCOL+/csvrloader32.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFFEFE8F-D21B-41D5-947E-EC34C89EC9CD}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 17:10:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\T\Desktop\OTL.exe
[2012.07.17 15:23:28 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Local\Microsoft Games
[2012.07.17 15:09:27 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.17 15:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.17 15:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.07.17 15:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.17 14:34:09 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.17 13:36:24 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Adobe After Effects Auto-Speichern
[2012.07.17 13:22:28 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Malwarebytes
[2012.07.17 13:22:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 13:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 13:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 13:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.16 15:39:02 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\neue In-szene Webste migges tobi
[2012.07.16 11:24:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.07.16 10:52:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.16 10:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.07.16 10:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.07.13 11:33:17 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Angebot - Schnick Schnack SB
[2012.07.13 11:06:29 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\St. Arnual blüht auf
[2012.07.12 18:20:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 18:20:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 18:20:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 18:20:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 18:20:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 18:20:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 18:20:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 18:20:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 18:20:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 18:20:08 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 18:20:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 18:20:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 18:20:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 10:04:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 10:04:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.12 10:03:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 10:03:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.12 10:03:57 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 15:37:38 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Cafe Lounge  SB
[2012.07.11 11:33:36 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Simionstift CC
[2012.07.10 14:52:44 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.10 14:48:58 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\saarscene
[2012.07.06 15:48:57 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Quattrocult Standorte
[2012.07.05 17:50:14 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Originale in Saarbrücken 5
[2012.07.04 11:37:46 | 000,000,000 | ---D | C] -- C:\Users\T\Documents\Freebies
[2012.07.02 16:23:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.02 11:32:04 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Logitech
[2012.07.02 11:17:18 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Leadertech
[2012.07.02 11:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.07.02 11:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.07.02 11:14:56 | 000,190,992 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\BtCoreIf.dll
[2012.07.02 11:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.07.02 11:14:54 | 000,050,176 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\LBTCoIns.DLL
[2012.07.02 11:14:50 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemUtil.dll
[2012.07.02 11:14:50 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\kemutb.dll
[2012.07.02 11:14:50 | 000,159,248 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemWnd.dll
[2012.07.02 11:14:50 | 000,096,272 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemXML.dll
[2012.07.02 11:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.07.02 11:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.07.02 11:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.06.26 16:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012.06.26 16:20:34 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2012.06.26 16:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012.06.26 16:20:25 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2012.06.26 16:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012.06.26 16:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2012.06.26 13:30:57 | 000,000,000 | ---D | C] -- C:\Users\T\Library
[2012.06.26 13:30:57 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Local\Apple Computer
[2012.06.26 13:30:54 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Titanium
[2012.06.26 13:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Player
[2012.06.26 13:30:12 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2012.06.22 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Black Background Set by Freeman
[2012.06.22 09:40:15 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 09:40:15 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 09:40:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 09:40:05 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 09:40:05 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 09:40:05 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 09:39:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 09:39:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.18 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Saarspektakel
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 17:10:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\T\Desktop\OTL.exe
[2012.07.17 16:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 16:54:37 | 000,000,061 | ---- | M] () -- C:\Users\T\Desktop\Trojaneralarm TRAtraps.gen - Spyware Hilfe.URL
[2012.07.17 16:38:46 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 16:38:46 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 16:35:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.17 16:35:56 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.17 16:35:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.17 16:35:56 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.17 16:35:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 16:30:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 16:29:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 16:29:47 | 2129,297,407 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 16:19:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 15:18:43 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f41d779a-6641-4d8b-bacd-3dbaabbcb419.job
[2012.07.17 15:18:43 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e8afdddc-cb9a-4881-be25-5d988f1a6a86.job
[2012.07.17 15:09:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.17 14:30:24 | 025,141,301 | ---- | M] () -- C:\Users\T\Desktop\WIEDERHERGESTELLT_test.fla
[2012.07.17 14:13:18 | 003,997,194 | ---- | M] () -- C:\Users\T\Desktop\MVI_6419.flv
[2012.07.16 16:54:04 | 000,167,629 | ---- | M] () -- C:\Users\T\Desktop\lottoinfonet-saar-anibanner.aep
[2012.07.16 16:50:49 | 016,446,120 | ---- | M] () -- C:\Users\T\Desktop\MVI_6419.swf
[2012.07.16 16:50:32 | 000,008,321 | ---- | M] () -- C:\Users\T\Desktop\AC_RunActiveContent.js
[2012.07.16 14:12:41 | 000,000,670 | ---- | M] () -- C:\Users\T\Desktop\Projekte *Schaller & Partner - Werbeagentur GWA in Mannheim..website
[2012.07.16 10:15:18 | 000,328,704 | ---- | M] () -- C:\Windows\SysNative\services.exe
[2012.07.13 17:54:48 | 000,158,374 | ---- | M] () -- C:\Users\T\Desktop\test.fla
[2012.07.13 15:46:27 | 011,690,063 | ---- | M] () -- C:\Users\T\Desktop\graphicriver-2360603-various-vector-badges.zip
[2012.07.13 11:44:31 | 002,584,576 | ---- | M] () -- C:\Users\T\Desktop\St. Arnual blüht auf.indd
[2012.07.13 10:01:34 | 010,120,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 13:58:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 13:58:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.11 16:43:17 | 000,709,274 | ---- | M] () -- C:\Users\T\Desktop\lotto-infonet-saar-angebot-anforndern.eps
[2012.07.11 15:57:37 | 000,000,115 | ---- | M] () -- C:\Users\T\Desktop\„DESIGNFEE Honorar Kalkulator - Design kalkulieren. Stundensatz berechnen.“ für iPhone 3GS, iPhone 4, iPhone 4S, iPod touch .URL
[2012.07.11 10:55:08 | 000,301,515 | ---- | M] () -- C:\Users\T\Desktop\facebook-header.psd
[2012.07.11 10:32:39 | 000,076,745 | ---- | M] () -- C:\Users\T\Desktop\facebook-header.jpg
[2012.07.06 14:39:19 | 000,230,441 | ---- | M] () -- C:\Users\T\Desktop\Quattrocult - Wanddisplays.JPG
[2012.07.05 16:51:27 | 002,363,013 | ---- | M] () -- C:\Users\T\Desktop\originale-5.psd
[2012.07.05 15:39:21 | 000,000,080 | ---- | M] () -- C:\Users\T\Desktop\Ihr Messeausstatter Banner, Faltdisplays, RollUps, Theken, uvm..URL
[2012.07.05 15:24:23 | 002,258,609 | ---- | M] () -- C:\Users\T\Desktop\img_20120116_103452.jpeg w=400&h=298.jpg
[2012.07.05 11:12:35 | 638,935,485 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.05 11:07:05 | 000,000,114 | ---- | M] () -- C:\Users\T\Desktop\Seal of Approval Isolated Stock Photo iStock.URL
[2012.07.05 11:03:29 | 000,000,103 | ---- | M] () -- C:\Users\T\Desktop\heart wax seal Stock Photo iStock.URL
[2012.07.05 10:41:36 | 000,001,358 | ---- | M] () -- C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.07.04 17:44:54 | 001,279,969 | ---- | M] () -- C:\Users\T\Desktop\Teamgeist.ai
[2012.07.03 14:14:06 | 001,115,648 | ---- | M] () -- C:\Users\T\Desktop\IN-SZENE - Mediakonzept I - St. Arnual blüht auf.pdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 13:28:01 | 000,548,864 | ---- | M] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.indd
[2012.07.03 12:58:42 | 003,751,667 | ---- | M] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.pdf
[2012.07.03 11:43:13 | 000,496,174 | ---- | M] () -- C:\Users\T\Desktop\Saarspektakel-flash2.psd
[2012.07.02 14:03:52 | 000,000,051 | ---- | M] () -- C:\Users\T\Desktop\Lena Hennig.URL
[2012.07.02 11:16:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012.07.02 11:16:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012.07.02 11:14:56 | 000,001,845 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.06.28 10:43:16 | 000,000,132 | ---- | M] () -- C:\Users\T\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.06.27 15:46:25 | 000,000,056 | ---- | M] () -- C:\Users\T\Desktop\Auftraggeber « Intuity Media Lab.URL
[2012.06.26 16:20:37 | 000,047,633 | ---- | M] () -- C:\Windows\SysWow64\wuwuninst.exe
[2012.06.26 11:58:12 | 000,001,456 | ---- | M] () -- C:\Users\T\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.06.26 11:18:30 | 001,323,334 | ---- | M] () -- C:\Users\T\Desktop\LOTTO Front.ai
[2012.06.22 17:35:02 | 000,000,058 | ---- | M] () -- C:\Users\T\Desktop\Logo Faves Logo Inspiration Gallery.URL
[2012.06.18 17:25:34 | 000,000,083 | ---- | M] () -- C:\Users\T\Desktop\Font Squirrel Sans Serif Free Fonts.URL
[2012.06.18 17:06:05 | 000,000,085 | ---- | M] () -- C:\Users\T\Desktop\VTV_Klappentext.pdf (applicationpdf-Objekt).URL
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.17 17:00:35 | 000,022,528 | ---- | C] () -- C:\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\U\800000cb.@
[2012.07.17 17:00:35 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\U\80000000.@
[2012.07.17 16:54:37 | 000,000,061 | ---- | C] () -- C:\Users\T\Desktop\Trojaneralarm TRAtraps.gen - Spyware Hilfe.URL
[2012.07.17 15:09:32 | 000,000,502 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f41d779a-6641-4d8b-bacd-3dbaabbcb419.job
[2012.07.17 15:09:31 | 000,000,502 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e8afdddc-cb9a-4881-be25-5d988f1a6a86.job
[2012.07.17 15:09:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.17 14:30:54 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\U\00000001.@
[2012.07.17 14:30:23 | 025,141,301 | ---- | C] () -- C:\Users\T\Desktop\WIEDERHERGESTELLT_test.fla
[2012.07.16 16:54:03 | 000,167,629 | ---- | C] () -- C:\Users\T\Desktop\lottoinfonet-saar-anibanner.aep
[2012.07.16 16:51:14 | 003,997,194 | ---- | C] () -- C:\Users\T\Desktop\MVI_6419.flv
[2012.07.16 16:50:29 | 016,446,120 | ---- | C] () -- C:\Users\T\Desktop\MVI_6419.swf
[2012.07.16 16:50:16 | 000,008,321 | ---- | C] () -- C:\Users\T\Desktop\AC_RunActiveContent.js
[2012.07.16 14:12:41 | 000,000,670 | ---- | C] () -- C:\Users\T\Desktop\Projekte *Schaller & Partner - Werbeagentur GWA in Mannheim..website
[2012.07.13 17:54:48 | 000,158,374 | ---- | C] () -- C:\Users\T\Desktop\test.fla
[2012.07.13 15:45:52 | 011,690,063 | ---- | C] () -- C:\Users\T\Desktop\graphicriver-2360603-various-vector-badges.zip
[2012.07.11 16:43:15 | 000,709,274 | ---- | C] () -- C:\Users\T\Desktop\lotto-infonet-saar-angebot-anforndern.eps
[2012.07.11 15:57:37 | 000,000,115 | ---- | C] () -- C:\Users\T\Desktop\„DESIGNFEE Honorar Kalkulator - Design kalkulieren. Stundensatz berechnen.“ für iPhone 3GS, iPhone 4, iPhone 4S, iPod touch .URL
[2012.07.11 10:32:38 | 000,076,745 | ---- | C] () -- C:\Users\T\Desktop\facebook-header.jpg
[2012.07.11 10:29:30 | 000,301,515 | ---- | C] () -- C:\Users\T\Desktop\facebook-header.psd
[2012.07.06 14:37:59 | 000,230,441 | ---- | C] () -- C:\Users\T\Desktop\Quattrocult - Wanddisplays.JPG
[2012.07.05 15:39:21 | 000,000,080 | ---- | C] () -- C:\Users\T\Desktop\Ihr Messeausstatter Banner, Faltdisplays, RollUps, Theken, uvm..URL
[2012.07.05 15:24:21 | 002,258,609 | ---- | C] () -- C:\Users\T\Desktop\img_20120116_103452.jpeg w=400&h=298.jpg
[2012.07.05 11:57:23 | 002,363,013 | ---- | C] () -- C:\Users\T\Desktop\originale-5.psd
[2012.07.05 11:07:05 | 000,000,114 | ---- | C] () -- C:\Users\T\Desktop\Seal of Approval Isolated Stock Photo iStock.URL
[2012.07.05 11:03:29 | 000,000,103 | ---- | C] () -- C:\Users\T\Desktop\heart wax seal Stock Photo iStock.URL
[2012.07.05 10:41:36 | 000,001,358 | ---- | C] () -- C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.07.04 17:41:04 | 001,279,969 | ---- | C] () -- C:\Users\T\Desktop\Teamgeist.ai
[2012.07.03 13:55:35 | 000,020,432 | ---- | C] () -- C:\Users\T\Desktop\web-unterschrift08.jpg
[2012.07.03 13:28:00 | 000,548,864 | ---- | C] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.indd
[2012.07.03 12:56:50 | 003,751,667 | ---- | C] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.pdf
[2012.07.03 11:43:13 | 000,496,174 | ---- | C] () -- C:\Users\T\Desktop\Saarspektakel-flash2.psd
[2012.07.02 19:31:01 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.02 16:23:41 | 638,935,485 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.02 14:03:52 | 000,000,051 | ---- | C] () -- C:\Users\T\Desktop\Lena Hennig.URL
[2012.07.02 12:16:02 | 001,115,648 | ---- | C] () -- C:\Users\T\Desktop\IN-SZENE - Mediakonzept I - St. Arnual blüht auf.pdf
[2012.07.02 11:16:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012.07.02 11:16:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012.07.02 11:14:56 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.06.27 15:46:25 | 000,000,056 | ---- | C] () -- C:\Users\T\Desktop\Auftraggeber « Intuity Media Lab.URL
[2012.06.26 16:20:37 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2012.06.26 16:20:35 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.06.26 10:24:05 | 001,323,334 | ---- | C] () -- C:\Users\T\Desktop\LOTTO Front.ai
[2012.06.25 12:29:12 | 002,584,576 | ---- | C] () -- C:\Users\T\Desktop\St. Arnual blüht auf.indd
[2012.06.22 17:35:02 | 000,000,058 | ---- | C] () -- C:\Users\T\Desktop\Logo Faves Logo Inspiration Gallery.URL
[2012.06.18 17:25:34 | 000,000,083 | ---- | C] () -- C:\Users\T\Desktop\Font Squirrel Sans Serif Free Fonts.URL
[2012.06.18 17:06:05 | 000,000,085 | ---- | C] () -- C:\Users\T\Desktop\VTV_Klappentext.pdf (applicationpdf-Objekt).URL
[2012.04.10 11:03:42 | 000,000,132 | ---- | C] () -- C:\Users\T\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.04.04 16:41:57 | 000,001,456 | ---- | C] () -- C:\Users\T\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.04.02 12:52:51 | 000,007,602 | ---- | C] () -- C:\Users\T\AppData\Local\Resmon.ResmonCfg
[2012.03.28 23:00:58 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\@
[2012.03.28 23:00:58 | 000,002,048 | -HS- | C] () -- C:\Users\T\AppData\Local\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\@
[2012.03.28 21:52:57 | 000,041,883 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.03.26 21:41:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.26 21:41:34 | 000,029,009 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2012.05.04 14:28:39 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.07.17 16:30:42 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\Dropbox
[2012.04.25 10:39:41 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\ImTOO
[2012.07.02 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\Leadertech
[2012.03.30 15:44:36 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\OpenOffice.org
[2012.04.11 14:06:38 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\PACE Anti-Piracy
[2012.05.03 15:02:51 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.04.11 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\Stardock
[2012.04.02 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\TeamViewer
[2012.03.28 23:18:48 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\Thunderbird
[2012.06.26 13:30:55 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\Titanium
[2009.07.14 07:08:49 | 000,024,066 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.17 15:18:43 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e8afdddc-cb9a-4881-be25-5d988f1a6a86.job
[2012.07.17 15:18:43 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f41d779a-6641-4d8b-bacd-3dbaabbcb419.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.07.03 13:09:05 | 000,000,073 | ---- | M] ()(C:\Users\T\Desktop\?Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL) -- C:\Users\T\Desktop\→Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL
[2012.07.03 13:09:05 | 000,000,073 | ---- | C] ()(C:\Users\T\Desktop\?Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL) -- C:\Users\T\Desktop\→Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL

< End of report >
         
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.07.2012 17:11:41 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\T\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,29 Gb Available Physical Memory | 66,36% Memory free
15,95 Gb Paging File | 13,14 Gb Available in Paging File | 82,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 369,06 Gb Free Space | 79,26% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 249,63 Gb Free Space | 53,60% Space Free | Partition Type: NTFS
Drive J: | 3,91 Gb Total Space | 3,89 Gb Free Space | 99,56% Space Free | Partition Type: FAT32
 
Computer Name: TOBI-BÜRO-SR | User Name: T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.79
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{c83225a4-e65b-47d5-9d35-400b524cf4c0}" = Nero BackItUp 4 Essentials
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E41C2A-3A29-476D-9685-3F8055AF696A}" = Adobe Creative Suite 5.5 Production Premium
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Fences" = Fences
"ffdshow_is1" = ffdshow [rev 1370] [2007-07-22]
"ImTOO SWF Converter 6" = ImTOO SWF Converter 6
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RocketDock_is1" = RocketDock 1.3.5
"Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"xampp" = XAMPP 1.7.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.07.2012 04:04:22 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.07.2012 04:25:20 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.07.2012 04:21:33 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.07.2012 08:34:19 | Computer Name = Tobi-Büro-SR | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 13.0.1.4548,
 Zeitstempel: 0x4fda5ff0  Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll, 
Version: 11.3.300.265, Zeitstempel: 0x4febd798  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00300597  ID des fehlerhaften Prozesses: 0x159c  Startzeit der fehlerhaften Anwendung:
 0x01cd63f675db5204  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
 Firefox\plugin-container.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
 ba292129-d00b-11e1-ad7d-5404a6c028f1
 
Error - 17.07.2012 08:36:36 | Computer Name = Tobi-Büro-SR | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 7531CCA9000002F49FF189F4F875F002.exe,
 Version: 0.0.0.0, Zeitstempel: 0x4fff7bd7  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x779d1264  ID des fehlerhaften Prozesses: 0x2ac  Startzeit der fehlerhaften Anwendung:
 0x01cd6418cde5238b  Pfad der fehlerhaften Anwendung: C:\ProgramData\7531CCA9000002F49FF189F4F875F002\7531CCA9000002F49FF189F4F875F002.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 0bc149f1-d00c-11e1-ad7d-5404a6c028f1
 
Error - 17.07.2012 09:06:48 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.07.2012 09:20:25 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.07.2012 09:56:22 | Computer Name = Tobi-Büro-SR | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Illustrator.exe, Version: 15.1.0.39,
 Zeitstempel: 0x4d76c9e3  Name des fehlerhaften Moduls: AdobeOwl.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4b958fed  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67d8fe38
ID
 des fehlerhaften Prozesses: 0x1004  Startzeit der fehlerhaften Anwendung: 0x01cd6423c52a9308
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe Illustrator CS5.1\Support
 Files\Contents\Windows\Illustrator.exe  Pfad des fehlerhaften Moduls: AdobeOwl.dll
Berichtskennung:
 3085e0ae-d017-11e1-a418-5404a6c028f1
 
Error - 17.07.2012 09:56:40 | Computer Name = Tobi-Büro-SR | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Illustrator.exe, Version: 15.1.0.39,
 Zeitstempel: 0x4d76c9e3  Name des fehlerhaften Moduls: AdobeOwl.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4b958fed  Ausnahmecode: 0xc000041d  Fehleroffset: 0x67d8fe38
ID
 des fehlerhaften Prozesses: 0x1004  Startzeit der fehlerhaften Anwendung: 0x01cd6423c52a9308
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe Illustrator CS5.1\Support
 Files\Contents\Windows\Illustrator.exe  Pfad des fehlerhaften Moduls: AdobeOwl.dll
Berichtskennung:
 3b6f28a4-d017-11e1-a418-5404a6c028f1
 
Error - 17.07.2012 10:31:40 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 17.07.2012 09:07:47 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 09:17:48 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 17.07.2012 09:20:44 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 17.07.2012 09:20:44 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 10:31:23 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 17.07.2012 10:32:42 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 17.07.2012 10:32:42 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 10:52:35 | Computer Name = Tobi-Büro-SR | Source = volsnap | ID = 393226
Description = Die Schattenkopie von Volume "E:" hat das Installationszeitlimit überschritten.
 
Error - 17.07.2012 11:00:35 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 17.07.2012 11:00:35 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---


PC info: hxxp://666kb.com/i/c5lb4on7ndixmrs91.jpg

Many thanks and regards

Tobias

PS: I don't know whether it matters, but yesterday I had already made the acquaintance of "Live Security Premium" - but with various guides and programs such as "SUPERAntiSpyware" and "Malwarebytes' Anti-Malware" I apparently defeated it.
The programs are still installed.

Also (I noticed it today for the first time), my Windows Firewall shows an error message when I try to enable it:
Quote:
Einige der Einstellungen können von der Windows-Firewall nicht geändert werden.
Fehlercode 0x80070424
Can nobody help me?
push :-/

Last edited by TT262 (17.07.2012 at 17:02)

Old 18.07.2012, 13:54   #2
Larusso
/// Selecta Jahrusso
 
AntiVir reports TR/ATRAPS.Gen and TR/ATRAPS.Gen2 - Standard





My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read through my instructions first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.
  • If I receive no reply from you to this and any further answers within 3 days, I will delete the thread from my subscriptions.
  • Only run scans that a helper asks you to run, and do not install / uninstall any software without being told to.
  • Post the logfiles directly in your thread and not as an attachment, unless you are asked to. Attachments make the evaluation harder for me.
Note: If you hear nothing from me for 48 hours, please send me a PM. Annoying "when will it continue" messages end with your thread being closed. I too have a life away from the PC.


ComboFix should only be run when a team member has instructed you to do so!

Please download ComboFix from the following download mirror

Link 1


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with ComboFix's work.
Start ComboFix.exe and follow the on-screen instructions.

When ComboFix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
just restart the computer. This should fix the problem.

Alt 18.07.2012, 14:22   #3
TT262
 

Hello Daniel,
first of all, many thanks for your help!

Unfortunately I already have a problem with the very first step:
As recommended, I switched off my antivirus (and unplugged the LAN cable).
Then I downloaded ComboFix, saved it on the desktop and ran it with admin rights.
Now ComboFix shows me the following message:



After that I tried to end the process via Task Manager, but apparently I lack the rights to do so (even though I am an admin).

Do I have to uninstall Avira to be completely safe?

Thanks and regards

Tobias

Alt 18.07.2012, 16:56   #4
Larusso
/// Selecta Jahrusso
 
Just click OK
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 18.07.2012, 17:19   #5
TT262
 
Said and done :-)

ComboFix log file:
Code:
ATTFilter
ComboFix 12-07-18.01 - T 18.07.2012  18:02:07.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8169.4789 [GMT 2:00]
ausgeführt von:: c:\users\T\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\@
c:\windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\U\00000001.@
c:\windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\U\80000000.@
c:\windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\U\800000cb.@
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-18 bis 2012-07-18  ))))))))))))))))))))))))))))))
.
.
2012-07-18 16:05 . 2012-07-18 16:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-17 13:23 . 2012-07-17 13:36	--------	d-----w-	c:\users\T\AppData\Local\Microsoft Games
2012-07-17 13:09 . 2012-07-17 13:09	--------	d-----w-	c:\users\T\AppData\Roaming\SUPERAntiSpyware.com
2012-07-17 13:09 . 2012-07-17 13:22	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-07-17 13:09 . 2012-07-17 13:09	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-07-17 11:22 . 2012-07-17 11:22	--------	d-----w-	c:\users\T\AppData\Roaming\Malwarebytes
2012-07-17 11:22 . 2012-07-17 11:22	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-17 11:22 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-17 11:22 . 2012-07-17 11:22	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-16 08:52 . 2012-07-16 08:52	--------	d-----w-	c:\windows\Sun
2012-07-16 08:47 . 2012-07-16 08:47	--------	d-----w-	c:\program files\Enigma Software Group
2012-07-16 08:46 . 2012-07-17 13:22	--------	d-----w-	c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-16 08:46 . 2012-07-16 08:46	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-13 08:05 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C551123-8061-4C31-9153-BB7A289CBCD4}\mpengine.dll
2012-07-12 16:22 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-12 08:04 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-12 08:04 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-07-12 08:04 . 2012-06-06 06:06	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-07-12 08:04 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-07-12 08:04 . 2010-06-26 03:55	2048	----a-w-	c:\windows\system32\msxml3r.dll
2012-07-12 08:04 . 2010-06-26 03:24	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2012-07-10 12:52 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-02 09:32 . 2012-07-02 09:32	--------	d-----w-	c:\users\T\AppData\Roaming\Logitech
2012-07-02 09:17 . 2012-07-02 09:17	--------	d-----w-	c:\users\T\AppData\Roaming\Leadertech
2012-07-02 09:17 . 2012-07-02 09:32	--------	d-----w-	c:\programdata\LogiShrd
2012-07-02 09:15 . 2012-07-02 09:17	--------	d-----w-	c:\program files (x86)\Common Files\LogiShrd
2012-07-02 09:14 . 2009-07-20 10:33	190992	----a-w-	c:\windows\system32\BtCoreIf.dll
2012-07-02 09:14 . 2007-12-14 14:13	50176	----a-w-	c:\windows\system32\LBTCoIns.DLL
2012-07-02 09:14 . 2009-07-20 10:35	96272	----a-w-	c:\windows\system32\KemXML.dll
2012-07-02 09:14 . 2009-07-20 10:34	159248	----a-w-	c:\windows\system32\KemWnd.dll
2012-07-02 09:14 . 2009-07-20 10:34	235536	----a-w-	c:\windows\system32\KemUtil.dll
2012-07-02 09:14 . 2009-07-20 10:34	235536	----a-w-	c:\windows\system32\kemutb.dll
2012-07-02 09:14 . 2012-07-02 09:14	--------	d-----w-	c:\programdata\Logitech
2012-07-02 09:14 . 2012-07-02 09:17	--------	d-----w-	c:\program files\Common Files\Logishrd
2012-07-02 09:14 . 2012-07-02 09:14	--------	d-----w-	c:\program files\Logitech
2012-06-26 14:20 . 2012-06-26 14:20	47633	----a-w-	c:\windows\SysWow64\wuwuninst.exe
2012-06-26 14:20 . 2007-07-22 09:32	7680	----a-w-	c:\windows\SysWow64\ff_vfw.dll
2012-06-26 14:20 . 2012-06-26 14:20	--------	d-----w-	c:\program files (x86)\ffdshow
2012-06-26 14:20 . 2007-07-22 09:32	60273	----a-w-	c:\windows\SysWow64\pthreadGC2.dll
2012-06-26 14:20 . 2012-06-26 14:20	--------	d-----w-	C:\IExp1.tmp
2012-06-26 14:20 . 2012-06-26 14:20	--------	d-----w-	C:\IExp0.tmp
2012-06-26 14:20 . 2012-06-26 14:20	--------	d--h--w-	c:\windows\msdownld.tmp
2012-06-26 14:20 . 2012-06-26 14:20	--------	d-----w-	c:\program files (x86)\Windows Media Components
2012-06-26 11:30 . 2012-06-26 11:30	--------	d-----w-	c:\users\T\Library
2012-06-26 11:30 . 2012-06-26 11:30	--------	d-----w-	c:\users\T\AppData\Local\Apple Computer
2012-06-26 11:30 . 2012-06-26 11:30	--------	d-----w-	c:\users\T\AppData\Roaming\Titanium
2012-06-26 11:30 . 2012-06-27 08:53	--------	d-----w-	c:\program files\Player
2012-06-26 11:30 . 2012-06-27 08:53	--------	d-----w-	c:\windows\uninstall
2012-06-26 08:05 . 2012-06-26 08:05	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 08:05 . 2012-06-26 08:05	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-22 07:40 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-22 07:40 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-22 07:40 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-22 07:40 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-22 07:40 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-22 07:40 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-22 07:40 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-22 07:39 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-22 07:39 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:58 . 2012-03-28 20:58	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 11:58 . 2012-03-28 20:58	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-08 13:40 . 2012-03-28 20:43	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 13:40 . 2012-03-28 20:43	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-04 11:06 . 2012-06-15 07:35	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 07:35	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 07:35	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-15 07:35	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-15 07:35	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-15 07:35	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-15 07:35	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-15 07:35	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-15 07:35	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-15 07:35	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-15 07:35	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-15 07:35	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-15 07:35	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-15 07:35	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
.
c:\users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-7-2 1207312]
RocketDock.lnk - c:\program files (x86)\RocketDock\RocketDock.exe [2012-3-28 495616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-18 378472]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-05-09 262360]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-12 155752]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 11:58]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 13:09]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 13:09]
.
2012-07-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e8afdddc-cb9a-4881-be25-5d988f1a6a86.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-07-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f41d779a-6641-4d8b-bacd-3dbaabbcb419.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1875048]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://212.89.130.140/+CSCOL+/csvrloader32.cab
FF - ProfilePath - c:\users\T\AppData\Roaming\Mozilla\Firefox\Profiles\2fy5fkit.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: network.proxy.http - 80.58.29.174
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-fgmstart - (no file)
AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-18  18:13:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-18 16:13
.
Vor Suchlauf: 11 Verzeichnis(se), 396.768.886.784 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 398.519.955.456 Bytes frei
.
- - End Of File - - 8C546A67259695AA82EA92CD9BFAD317
         


Alt 18.07.2012, 17:33   #6
Larusso
/// Selecta Jahrusso
 
Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool on the desktop.

Download Mirror #1
  • Double-click SystemLook.exe to start the tool.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Copy the contents of the following code box into the tool's text field:

    Code:
    ATTFilter
    :folderfind
    {1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}
    :regfind
    {1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}
             
  • Now click the Look button to start the scan.
  • When the scan is finished, your editor will open with the results; post them here in the thread.
  • The results are saved on the desktop as SystemLook.txt.

Alt 19.07.2012, 15:08   #7
TT262
 
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 15:53 on 19/07/2012 by T
Administrator - Elevation successful

========== folderfind ==========

Searching for "{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}"
C:\Qoobox\Quarantine\C\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}	d------	[13:00 18/07/2012]
C:\Users\T\AppData\Local\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}	d--hs--	[21:00 28/03/2012]
C:\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}	d------	[21:00 28/03/2012]

========== regfind ==========

Searching for "{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}"
No data found.

-= EOF =-
         
...by the way, the firewall works again and there was no virus alert at today's system start!

Last edited by TT262 (19.07.2012 at 15:48)
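The folder search Larusso asked for above, and the two locations the SystemLook log reports, can be reproduced offline with the following Python script. It is an added example, not part of SystemLook, ComboFix or the Trojaner-Board instructions: it walks a directory tree, lists every GUID-named folder and flags only those that also carry the "@" marker file or the U\*.@ payload files that ComboFix removed earlier in this thread (a GUID-named folder by itself is normal under Windows\Installer); the directory tree it scans is constructed inside the script with placeholder files.

```python
r"""Offline re-check of the SystemLook folderfind from this thread.

Added example (not SystemLook's, ComboFix's or the board's own code). A GUID-named
folder by itself is normal under Windows\Installer (MSI cache), so the script
only flags folders that also carry the '@' marker file or U\*.@ payload files,
the layout ComboFix listed under "Weitere Löschungen".
"""
import os
import re
import tempfile
from dataclasses import dataclass, field

# Folder names such as {1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)

# GUID taken from the ComboFix and SystemLook logs in this thread.
THREAD_GUID = "{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}"


@dataclass
class GuidFolder:
    path: str
    has_at_marker: bool                          # a file literally named "@"
    u_files: list = field(default_factory=list)  # names of U\*.@ files

    @property
    def suspicious(self):
        # Only the markers make the folder suspicious, never the GUID name alone.
        return self.has_at_marker or bool(self.u_files)


def find_guid_folders(root, guid=None):
    """Walk root and describe every GUID-named folder (only `guid` if given)."""
    found = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            if not GUID_RE.match(name):
                continue
            if guid is not None and name.lower() != guid.lower():
                continue
            full = os.path.join(dirpath, name)
            u_dir = os.path.join(full, "U")
            u_files = []
            if os.path.isdir(u_dir):
                u_files = sorted(f for f in os.listdir(u_dir) if f.endswith(".@"))
            found.append(GuidFolder(full, os.path.isfile(os.path.join(full, "@")), u_files))
    return sorted(found, key=lambda f: f.path)


def report(root, guid=None):
    """(path relative to root, suspicious?, number of U\\*.@ files) per folder."""
    return [(os.path.relpath(f.path, root).replace(os.sep, "\\"),
             f.suspicious, len(f.u_files))
            for f in find_guid_folders(root, guid)]


def build_sample_tree():
    """Constructed stand-in for the paths in this thread's logs (placeholder files)."""
    root = tempfile.mkdtemp(prefix="sirefef_demo_")
    # Layout ComboFix deleted: "@" marker plus U\*.@ files under Windows\Installer
    inst = os.path.join(root, "Windows", "Installer", THREAD_GUID)
    os.makedirs(os.path.join(inst, "U"))
    for rel in ("@", "U/00000001.@", "U/80000000.@", "U/800000cb.@"):
        with open(os.path.join(inst, *rel.split("/")), "wb") as fh:
            fh.write(b"constructed placeholder, not malware content")
    # Second copy SystemLook found under the user profile, with no payload files
    os.makedirs(os.path.join(root, "Users", "T", "AppData", "Local", THREAD_GUID))
    # Benign MSI cache folder: GUID name but none of the markers (constructed)
    benign = os.path.join(root, "Windows", "Installer",
                          "{00000000-1111-2222-3333-444444444444}")
    os.makedirs(benign)
    open(os.path.join(benign, "icon.exe"), "wb").close()
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for rel, flagged, n_payload in report(demo_root):
        label = "SUSPICIOUS" if flagged else "ok        "
        print(f"{label} {rel}  (U\\*.@ files: {n_payload})")
```

Point `report()` at a real drive root (or a mounted offline image) to run the same check outside the demo tree; it does not read NTFS attributes, so the hidden/system flags SystemLook shows for the AppData copy are not part of its verdict.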

Alt 20.07.2012, 10:01   #8
Larusso
/// Selecta Jahrusso
 
Note for readers:
The following ComboFix script was created exclusively for this user in this situation. Never use it on other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror:
BleepingComputer.com
and save it on the desktop again (not anywhere else, this is important)!

Press the Windows key + R --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.

Code:
ATTFilter
Folder::
C:\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}
C:\Users\T\AppData\Local\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}

ClearJavaCache::
         
Save this as CFScript.txt on your desktop.
Important:
  • Temporarily turn off your anti-virus software. It can interfere with ComboFix's work. Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it. This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.


  • As shown in the image above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures will be downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Your Java is out of date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 5 ).
  • When the installation has finished,
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.



Please start OTL.exe.
Under Extra Registry select
Use SafeList and click the Scan button.
Post OTL.txt and Extras.txt here in your thread.

Alt 20.07.2012, 13:20   #9
TT262
 
Hello Daniel,

many thanks!
Everything worked perfectly - here are the txt files:

ESET.txt:
Code:
C:\Qoobox\Quarantine\C\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\U\80000000.@.vir	Win64/Sirefef.AL trojan
E:\Sicherungen\intern1\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application
E:\Sicherungen\intern1\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll	Win32/Toolbar.Babylon application
E:\Sicherungen\intern1\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application
E:\Sicherungen\intern1\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll	Win32/Toolbar.Babylon application
E:\Sicherungen\intern1\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll	Win32/Toolbar.Babylon application
         
OTL.txt
Code:
OTL logfile created on: 20.07.2012 14:13:30 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\T\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 71,41% Memory free
15,95 Gb Paging File | 13,14 Gb Available in Paging File | 82,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 369,36 Gb Free Space | 79,32% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 249,63 Gb Free Space | 53,60% Space Free | Partition Type: NTFS
 
Computer Name: TOBI-BÜRO-SR | User Name: T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\T\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (WebUpdate4) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 01 74 5E 0D 60 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..network.proxy.http: "80.58.29.174"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.04 09:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 13:49:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.22 12:35:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.28 22:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T\AppData\Roaming\mozilla\Extensions
[2012.07.16 11:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T\AppData\Roaming\mozilla\Firefox\Profiles\2fy5fkit.default\extensions
[2012.04.03 11:00:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\T\AppData\Roaming\mozilla\Firefox\Profiles\2fy5fkit.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.13 10:20:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\T\AppData\Roaming\mozilla\Firefox\Profiles\2fy5fkit.default\extensions\foxmarks@kei.com
[2012.04.26 15:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.04 11:45:25 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FY5FKIT.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.06.15 09:46:44 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FY5FKIT.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.20 13:49:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 10:05:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 10:05:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 10:05:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 10:05:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 10:05:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 10:05:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.20 11:13:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://212.89.130.140/+CSCOL+/csvrloader64.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://212.89.130.140/+CSCOL+/csvrloader32.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFFEFE8F-D21B-41D5-947E-EC34C89EC9CD}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.20 13:54:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.20 13:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.20 13:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.20 13:47:37 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.20 13:47:37 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.20 11:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.20 11:19:42 | 002,322,184 | ---- | C] (ESET) -- C:\Users\T\Desktop\esetsmartinstaller_enu.exe
[2012.07.20 11:01:37 | 004,583,244 | R--- | C] (Swearware) -- C:\Users\T\Desktop\ComboFix.exe
[2012.07.20 10:58:15 | 000,000,000 | ---D | C] -- C:\Users\T\temp
[2012.07.18 18:13:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.18 18:00:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.18 18:00:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.18 18:00:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.18 14:59:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.18 14:59:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.17 17:10:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\T\Desktop\OTL.exe
[2012.07.17 15:23:28 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Local\Microsoft Games
[2012.07.17 15:09:27 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.17 15:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.17 15:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.07.17 15:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.17 13:36:24 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Adobe After Effects Auto-Speichern
[2012.07.17 13:22:28 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Malwarebytes
[2012.07.17 13:22:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 13:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 13:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 13:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.16 15:39:02 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\neue In-szene Webste migges tobi
[2012.07.16 11:24:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.07.16 10:52:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.16 10:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.07.16 10:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.07.13 11:33:17 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Angebot - Schnick Schnack SB
[2012.07.13 11:06:29 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\St. Arnual blüht auf
[2012.07.12 18:20:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 18:20:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 18:20:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 18:20:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 18:20:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 18:20:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 18:20:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 18:20:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 18:20:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 18:20:08 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 18:20:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 18:20:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 18:20:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 10:04:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 10:04:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.12 10:03:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 10:03:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.12 10:03:57 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 15:37:38 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Cafe Lounge  SB
[2012.07.11 11:33:36 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Simionstift CC
[2012.07.10 14:52:44 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.10 14:48:58 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\saarscene
[2012.07.06 15:48:57 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Quattrocult Standorte
[2012.07.05 17:50:14 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Originale in Saarbrücken 5
[2012.07.04 11:37:46 | 000,000,000 | ---D | C] -- C:\Users\T\Documents\Freebies
[2012.07.02 16:23:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.02 11:32:04 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Logitech
[2012.07.02 11:17:18 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Leadertech
[2012.07.02 11:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.07.02 11:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.07.02 11:14:56 | 000,190,992 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\BtCoreIf.dll
[2012.07.02 11:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.07.02 11:14:54 | 000,050,176 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\LBTCoIns.DLL
[2012.07.02 11:14:50 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemUtil.dll
[2012.07.02 11:14:50 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\kemutb.dll
[2012.07.02 11:14:50 | 000,159,248 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemWnd.dll
[2012.07.02 11:14:50 | 000,096,272 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemXML.dll
[2012.07.02 11:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.07.02 11:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.07.02 11:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.06.26 16:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012.06.26 16:20:34 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2012.06.26 16:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012.06.26 16:20:25 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2012.06.26 16:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012.06.26 16:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2012.06.26 13:30:57 | 000,000,000 | ---D | C] -- C:\Users\T\Library
[2012.06.26 13:30:57 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Local\Apple Computer
[2012.06.26 13:30:54 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Titanium
[2012.06.26 13:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Player
[2012.06.26 13:30:12 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2012.06.22 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Black Background Set by Freeman
[2012.06.22 09:40:15 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 09:40:15 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 09:40:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 09:40:05 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 09:40:05 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 09:40:05 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 09:39:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 09:39:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 14:01:45 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 14:01:45 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 13:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 13:53:54 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 13:53:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 13:53:31 | 2129,297,407 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 13:47:19 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.20 13:47:19 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.20 13:47:19 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.20 13:19:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 11:19:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\T\Desktop\esetsmartinstaller_enu.exe
[2012.07.20 11:13:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.20 11:02:05 | 004,583,244 | R--- | M] (Swearware) -- C:\Users\T\Desktop\ComboFix.exe
[2012.07.19 17:32:19 | 003,554,662 | ---- | M] () -- C:\Users\T\Desktop\120718_Pfanne_Spot_Lottoscreens.mp4
[2012.07.19 15:52:22 | 000,165,376 | ---- | M] () -- C:\Users\T\Desktop\SystemLook_x64.exe
[2012.07.18 15:15:41 | 000,084,867 | ---- | M] () -- C:\Users\T\Desktop\combofix.jpg
[2012.07.18 15:09:00 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f41d779a-6641-4d8b-bacd-3dbaabbcb419.job
[2012.07.18 11:49:16 | 001,318,930 | ---- | M] () -- C:\Users\T\Desktop\Zulassung Mazda 323 f bg.jpg
[2012.07.18 11:48:29 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.18 11:23:38 | 000,099,358 | ---- | M] () -- C:\Users\T\Desktop\120718_Pfanne_Spot_Lottoscreens.swf
[2012.07.18 02:00:34 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e8afdddc-cb9a-4881-be25-5d988f1a6a86.job
[2012.07.17 17:39:17 | 000,000,121 | ---- | M] () -- C:\Users\T\Desktop\AntiVir meldet TRATRAPS.Gen und TRATRAPS.Gen2 - Trojaner-Board.URL
[2012.07.17 17:10:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\T\Desktop\OTL.exe
[2012.07.17 16:54:37 | 000,000,061 | ---- | M] () -- C:\Users\T\Desktop\Trojaneralarm TRAtraps.gen - Spyware Hilfe.URL
[2012.07.17 16:35:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.17 16:35:56 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.17 16:35:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.17 16:35:56 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.17 16:35:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 14:30:24 | 025,141,301 | ---- | M] () -- C:\Users\T\Desktop\WIEDERHERGESTELLT_test.fla
[2012.07.17 14:13:18 | 003,997,194 | ---- | M] () -- C:\Users\T\Desktop\MVI_6419.flv
[2012.07.16 16:54:04 | 000,167,629 | ---- | M] () -- C:\Users\T\Desktop\lottoinfonet-saar-anibanner.aep
[2012.07.16 16:50:49 | 016,446,120 | ---- | M] () -- C:\Users\T\Desktop\MVI_6419.swf
[2012.07.16 16:50:32 | 000,008,321 | ---- | M] () -- C:\Users\T\Desktop\AC_RunActiveContent.js
[2012.07.16 14:12:41 | 000,000,670 | ---- | M] () -- C:\Users\T\Desktop\Projekte *Schaller & Partner - Werbeagentur GWA in Mannheim..website
[2012.07.13 17:54:48 | 000,158,374 | ---- | M] () -- C:\Users\T\Desktop\test.fla
[2012.07.13 15:46:27 | 011,690,063 | ---- | M] () -- C:\Users\T\Desktop\graphicriver-2360603-various-vector-badges.zip
[2012.07.13 11:44:31 | 002,584,576 | ---- | M] () -- C:\Users\T\Desktop\St. Arnual blüht auf.indd
[2012.07.13 10:01:34 | 010,120,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 13:58:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 13:58:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.11 16:43:17 | 000,709,274 | ---- | M] () -- C:\Users\T\Desktop\lotto-infonet-saar-angebot-anforndern.eps
[2012.07.11 15:57:37 | 000,000,115 | ---- | M] () -- C:\Users\T\Desktop\„DESIGNFEE Honorar Kalkulator - Design kalkulieren. Stundensatz berechnen.“ für iPhone 3GS, iPhone 4, iPhone 4S, iPod touch .URL
[2012.07.11 10:55:08 | 000,301,515 | ---- | M] () -- C:\Users\T\Desktop\facebook-header.psd
[2012.07.11 10:32:39 | 000,076,745 | ---- | M] () -- C:\Users\T\Desktop\facebook-header.jpg
[2012.07.06 14:39:19 | 000,230,441 | ---- | M] () -- C:\Users\T\Desktop\Quattrocult - Wanddisplays.JPG
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.05 16:51:27 | 002,363,013 | ---- | M] () -- C:\Users\T\Desktop\originale-5.psd
[2012.07.05 15:39:21 | 000,000,080 | ---- | M] () -- C:\Users\T\Desktop\Ihr Messeausstatter Banner, Faltdisplays, RollUps, Theken, uvm..URL
[2012.07.05 15:24:23 | 002,258,609 | ---- | M] () -- C:\Users\T\Desktop\img_20120116_103452.jpeg w=400&h=298.jpg
[2012.07.05 11:12:35 | 638,935,485 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.05 11:07:05 | 000,000,114 | ---- | M] () -- C:\Users\T\Desktop\Seal of Approval Isolated Stock Photo iStock.URL
[2012.07.05 11:03:29 | 000,000,103 | ---- | M] () -- C:\Users\T\Desktop\heart wax seal Stock Photo iStock.URL
[2012.07.04 17:44:54 | 001,279,969 | ---- | M] () -- C:\Users\T\Desktop\Teamgeist.ai
[2012.07.03 14:14:06 | 001,115,648 | ---- | M] () -- C:\Users\T\Desktop\IN-SZENE - Mediakonzept I - St. Arnual blüht auf.pdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 13:28:01 | 000,548,864 | ---- | M] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.indd
[2012.07.03 12:58:42 | 003,751,667 | ---- | M] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.pdf
[2012.07.03 11:43:13 | 000,496,174 | ---- | M] () -- C:\Users\T\Desktop\Saarspektakel-flash2.psd
[2012.07.02 14:03:52 | 000,000,051 | ---- | M] () -- C:\Users\T\Desktop\Lena Hennig.URL
[2012.07.02 11:16:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012.07.02 11:16:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012.07.02 11:14:56 | 000,001,845 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.06.28 10:43:16 | 000,000,132 | ---- | M] () -- C:\Users\T\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.06.27 15:46:25 | 000,000,056 | ---- | M] () -- C:\Users\T\Desktop\Auftraggeber « Intuity Media Lab.URL
[2012.06.26 16:20:37 | 000,047,633 | ---- | M] () -- C:\Windows\SysWow64\wuwuninst.exe
[2012.06.26 11:58:12 | 000,001,456 | ---- | M] () -- C:\Users\T\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.06.26 11:18:30 | 001,323,334 | ---- | M] () -- C:\Users\T\Desktop\LOTTO Front.ai
[2012.06.22 17:35:02 | 000,000,058 | ---- | M] () -- C:\Users\T\Desktop\Logo Faves Logo Inspiration Gallery.URL
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.19 17:32:18 | 003,554,662 | ---- | C] () -- C:\Users\T\Desktop\120718_Pfanne_Spot_Lottoscreens.mp4
[2012.07.19 15:52:16 | 000,165,376 | ---- | C] () -- C:\Users\T\Desktop\SystemLook_x64.exe
[2012.07.18 18:00:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.18 18:00:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.18 18:00:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.18 18:00:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.18 18:00:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.18 15:15:40 | 000,084,867 | ---- | C] () -- C:\Users\T\Desktop\combofix.jpg
[2012.07.18 11:38:39 | 001,318,930 | ---- | C] () -- C:\Users\T\Desktop\Zulassung Mazda 323 f bg.jpg
[2012.07.18 11:23:38 | 000,099,358 | ---- | C] () -- C:\Users\T\Desktop\120718_Pfanne_Spot_Lottoscreens.swf
[2012.07.17 17:39:17 | 000,000,121 | ---- | C] () -- C:\Users\T\Desktop\AntiVir meldet TRATRAPS.Gen und TRATRAPS.Gen2 - Trojaner-Board.URL
[2012.07.17 16:54:37 | 000,000,061 | ---- | C] () -- C:\Users\T\Desktop\Trojaneralarm TRAtraps.gen - Spyware Hilfe.URL
[2012.07.17 15:09:32 | 000,000,502 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f41d779a-6641-4d8b-bacd-3dbaabbcb419.job
[2012.07.17 15:09:31 | 000,000,502 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e8afdddc-cb9a-4881-be25-5d988f1a6a86.job
[2012.07.17 15:09:13 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.17 14:30:23 | 025,141,301 | ---- | C] () -- C:\Users\T\Desktop\WIEDERHERGESTELLT_test.fla
[2012.07.16 16:54:03 | 000,167,629 | ---- | C] () -- C:\Users\T\Desktop\lottoinfonet-saar-anibanner.aep
[2012.07.16 16:51:14 | 003,997,194 | ---- | C] () -- C:\Users\T\Desktop\MVI_6419.flv
[2012.07.16 16:50:29 | 016,446,120 | ---- | C] () -- C:\Users\T\Desktop\MVI_6419.swf
[2012.07.16 16:50:16 | 000,008,321 | ---- | C] () -- C:\Users\T\Desktop\AC_RunActiveContent.js
[2012.07.16 14:12:41 | 000,000,670 | ---- | C] () -- C:\Users\T\Desktop\Projekte *Schaller & Partner - Werbeagentur GWA in Mannheim..website
[2012.07.13 17:54:48 | 000,158,374 | ---- | C] () -- C:\Users\T\Desktop\test.fla
[2012.07.13 15:45:52 | 011,690,063 | ---- | C] () -- C:\Users\T\Desktop\graphicriver-2360603-various-vector-badges.zip
[2012.07.11 16:43:15 | 000,709,274 | ---- | C] () -- C:\Users\T\Desktop\lotto-infonet-saar-angebot-anforndern.eps
[2012.07.11 15:57:37 | 000,000,115 | ---- | C] () -- C:\Users\T\Desktop\„DESIGNFEE Honorar Kalkulator - Design kalkulieren. Stundensatz berechnen.“ für iPhone 3GS, iPhone 4, iPhone 4S, iPod touch .URL
[2012.07.11 10:32:38 | 000,076,745 | ---- | C] () -- C:\Users\T\Desktop\facebook-header.jpg
[2012.07.11 10:29:30 | 000,301,515 | ---- | C] () -- C:\Users\T\Desktop\facebook-header.psd
[2012.07.06 14:37:59 | 000,230,441 | ---- | C] () -- C:\Users\T\Desktop\Quattrocult - Wanddisplays.JPG
[2012.07.05 15:39:21 | 000,000,080 | ---- | C] () -- C:\Users\T\Desktop\Ihr Messeausstatter Banner, Faltdisplays, RollUps, Theken, uvm..URL
[2012.07.05 15:24:21 | 002,258,609 | ---- | C] () -- C:\Users\T\Desktop\img_20120116_103452.jpeg w=400&h=298.jpg
[2012.07.05 11:57:23 | 002,363,013 | ---- | C] () -- C:\Users\T\Desktop\originale-5.psd
[2012.07.05 11:07:05 | 000,000,114 | ---- | C] () -- C:\Users\T\Desktop\Seal of Approval Isolated Stock Photo iStock.URL
[2012.07.05 11:03:29 | 000,000,103 | ---- | C] () -- C:\Users\T\Desktop\heart wax seal Stock Photo iStock.URL
[2012.07.04 17:41:04 | 001,279,969 | ---- | C] () -- C:\Users\T\Desktop\Teamgeist.ai
[2012.07.03 13:55:35 | 000,020,432 | ---- | C] () -- C:\Users\T\Desktop\web-unterschrift08.jpg
[2012.07.03 13:28:00 | 000,548,864 | ---- | C] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.indd
[2012.07.03 12:56:50 | 003,751,667 | ---- | C] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.pdf
[2012.07.03 11:43:13 | 000,496,174 | ---- | C] () -- C:\Users\T\Desktop\Saarspektakel-flash2.psd
[2012.07.02 19:31:01 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.02 16:23:41 | 638,935,485 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.02 14:03:52 | 000,000,051 | ---- | C] () -- C:\Users\T\Desktop\Lena Hennig.URL
[2012.07.02 12:16:02 | 001,115,648 | ---- | C] () -- C:\Users\T\Desktop\IN-SZENE - Mediakonzept I - St. Arnual blüht auf.pdf
[2012.07.02 11:16:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012.07.02 11:16:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012.07.02 11:14:56 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.06.27 15:46:25 | 000,000,056 | ---- | C] () -- C:\Users\T\Desktop\Auftraggeber « Intuity Media Lab.URL
[2012.06.26 16:20:37 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2012.06.26 16:20:35 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.06.26 10:24:05 | 001,323,334 | ---- | C] () -- C:\Users\T\Desktop\LOTTO Front.ai
[2012.06.25 12:29:12 | 002,584,576 | ---- | C] () -- C:\Users\T\Desktop\St. Arnual blüht auf.indd
[2012.06.22 17:35:02 | 000,000,058 | ---- | C] () -- C:\Users\T\Desktop\Logo Faves Logo Inspiration Gallery.URL
[2012.04.10 11:03:42 | 000,000,132 | ---- | C] () -- C:\Users\T\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.04.04 16:41:57 | 000,001,456 | ---- | C] () -- C:\Users\T\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.04.02 12:52:51 | 000,007,602 | ---- | C] () -- C:\Users\T\AppData\Local\Resmon.ResmonCfg
[2012.03.28 21:52:57 | 000,041,883 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.03.26 21:41:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.26 21:41:34 | 000,029,009 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== Files - Unicode (All) ==========
[2012.07.03 13:09:05 | 000,000,073 | ---- | M] ()(C:\Users\T\Desktop\?Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL) -- C:\Users\T\Desktop\→Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL
[2012.07.03 13:09:05 | 000,000,073 | ---- | C] ()(C:\Users\T\Desktop\?Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL) -- C:\Users\T\Desktop\→Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL

< End of report >
         
--- --- ---

Extras.txt
Code:
OTL Extras logfile created on: 20.07.2012 14:13:30 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\T\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 71,41% Memory free
15,95 Gb Paging File | 13,14 Gb Available in Paging File | 82,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 369,36 Gb Free Space | 79,32% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 249,63 Gb Free Space | 53,60% Space Free | Partition Type: NTFS
 
Computer Name: TOBI-BÜRO-SR | User Name: T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0F5F24EF-91B6-4000-AC06-2493B83F54EA}C:\users\t\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\t\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{480FC51A-CD83-42AD-9E96-95D6C442D7E9}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{51B2C100-2570-495C-B9E6-26D9948EA533}C:\users\t\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\t\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{50D7BC93-959D-4B99-93E9-22EF19A2DB10}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{E91844D9-A676-4F0D-9BD5-94C671E35AEE}C:\users\t\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\t\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FC2270A3-2864-404E-A192-CD258517542A}C:\users\t\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\t\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.79
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{c83225a4-e65b-47d5-9d35-400b524cf4c0}" = Nero BackItUp 4 Essentials
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E41C2A-3A29-476D-9685-3F8055AF696A}" = Adobe Creative Suite 5.5 Production Premium
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ESET Online Scanner" = ESET Online Scanner v3
"Fences" = Fences
"ffdshow_is1" = ffdshow [rev 1370] [2007-07-22]
"ImTOO SWF Converter 6" = ImTOO SWF Converter 6
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RocketDock_is1" = RocketDock 1.3.5
"Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"xampp" = XAMPP 1.7.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2012 10:31:40 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.07.2012 12:09:34 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.07.2012 09:47:59 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.07.2012 04:56:25 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.07.2012 05:19:49 | Computer Name = Tobi-Büro-SR | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 20.07.2012 05:19:49 | Computer Name = Tobi-Büro-SR | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 20.07.2012 05:19:52 | Computer Name = Tobi-Büro-SR | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 20.07.2012 05:19:53 | Computer Name = Tobi-Büro-SR | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 20.07.2012 05:19:56 | Computer Name = Tobi-Büro-SR | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 20.07.2012 07:55:18 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 19.07.2012 12:02:21 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 20.07.2012 04:56:07 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   mv91xx
 
Error - 20.07.2012 05:08:29 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst TrustedInstaller erreicht.
 
Error - 20.07.2012 05:11:51 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 20.07.2012 05:12:51 | Computer Name = Tobi-Büro-SR | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 20.07.2012 05:12:51 | Computer Name = Tobi-Büro-SR | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 20.07.2012 05:13:13 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 20.07.2012 07:52:31 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 20.07.2012 07:54:32 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   mv91xx
 
Error - 20.07.2012 07:58:02 | Computer Name = Tobi-Büro-SR | Source = HidBth | ID = 65540
Description = Die ursprüngliche Verbindung mit dem Bluetooth-HID-Gerät (00:07:61:65:78:92)
 ist fehlgeschlagen. Das Gerät wurde als persönliches bzw. paarweises Gerät entfernt.
 Sie müssen das Gerät erneut installieren.

 
< End of report >
         
--- --- ---



I always thought Java reports on its own when there is an update (auto updater)? Do I have to watch for new versions myself in the future, or was that also related to a virus/etc.?

Thanks and best regards

Tobias

Last edited by TT262 (20.07.2012 at 13:29)
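As an added example (not part of the original thread and not OTL's own code), a small Python parser for the "Last 20 Event Log Errors" block of an OTL report like the one posted above, plus the triage a helper otherwise does by eye: it joins OTL's wrapped descriptions back into one record per error and flags the entries that usually matter first (boot-start driver load failures, drivers the system refused to load, interactive services). The sample records are constructed in the same format as the report above; the hostname and the choice of notable event IDs are this example's own.

```python
import re

HEADER = re.compile(r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?)"
                    r" \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$")  # record header
SECTION = re.compile(r"^\[ (.+?) Events \]$")   # "[ System Events ]"
NT_PATH = re.compile(r"\\\?\?\\(\S+)")          # "\??\C:\...\driver.sys"

def parse_otl_events(text: str) -> list:
    """Parse OTL's event-log block into dicts. OTL wraps long descriptions, so
    each non-blank line after a header is appended to the current record."""
    records, section, cur = [], "", None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            cur = None                      # blank line closes the record
        elif m := SECTION.match(line):
            section = m.group(1)
        elif m := HEADER.match(line):
            cur = {"section": section, "when": m["when"], "host": m["host"].strip(),
                   "source": m["source"].strip(), "id": int(m["id"]), "description": ""}
            records.append(cur)
        elif cur is not None:
            part = line.split("=", 1)[1] if line.startswith("Description =") else line
            cur["description"] = (cur["description"] + " " + part.strip()).strip()
    return records

NOTABLE = {  # (source, event id) pairs a helper reads first; selection is this example's own
    ("Service Control Manager", 7026): "boot/system-start driver failed to load",
    ("Service Control Manager", 7030): "interactive service on a system that forbids it",
    ("Application Popup", 1060): "driver refused as incompatible with this system",
}

def referenced_driver(rec: dict):
    """Driver name (ID 7026) or NT path (ID 1060) the entry refers to, else None."""
    if rec["id"] == 7026:
        return rec["description"].rsplit(":", 1)[-1].strip()
    if rec["id"] == 1060 and (m := NT_PATH.search(rec["description"])):
        return m.group(1)
    return None

def triage(records: list) -> list:
    """(record, reason, driver) for each entry whose (source, id) is in NOTABLE."""
    return [(r, NOTABLE[(r["source"], r["id"])], referenced_driver(r))
            for r in records if (r["source"], r["id"]) in NOTABLE]

# Constructed sample in OTL's format (hostname made up), mirroring the entries above.
SAMPLE = r"""[ Application Events ]
Error - 17.07.2012 10:31:40 | Computer Name = HOST-EXAMPLE | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 20.07.2012 04:56:07 | Computer Name = HOST-EXAMPLE | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   mv91xx

Error - 20.07.2012 05:12:51 | Computer Name = HOST-EXAMPLE | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
"""
```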

Old 21.07.2012, 14:12   #10
Larusso
/// Selecta Jahrusso
 



Yes, the Java updater thing is always such an odd matter, and even on a fresh install older versions are not uninstalled, which is a mystery to me to this day.

You should never rely on any kind of "update software". I check Java and Adobe software manually once a month, or rather I notice it anyway because I have to adjust the internal guides.



If you don't really want to keep it, you can uninstall SUPERAntiSpyware.
(rather crap in my eyes)



Before the following step, please temporarily disable your antivirus program, any script blocking you may have, and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall


This removes Combofix completely and empties the System Restore cache, so that the pests disappear from there as well.

Now re-enable the programs you just disabled.




Please start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.




Here are a few more tips for securing your system.


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. Out-of-date anti-virus software is useless!


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much of the current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not yet found a German-language one.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will not be loaded any more.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Above all, watch the file extension, e.g. deinFoto.jpg.exe
Now all that remains is to wish you lots of fun surfing safely.


Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to strike back and support us!
TB Akademie

Old 23.07.2012, 12:28   #11
TT262
 



Hello Daniel,

many thanks for the help (and also for the good links).
I'm actually relatively clever when it comes to the internet - at least I thought so ;-)

I wish you a good week and say THANKS again!

Regards

Tobias

Old 23.07.2012, 13:39   #12
Larusso
/// Selecta Jahrusso
 



It can happen to anyone.


Glad we could help

This topic seems resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread
