Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: System Care AV

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.05.2013, 10:54   #1
Hogge
 
System Care AV - Standard

System Care AV



Tach User,

leider hat sich eien Freundin von mir die Ransomware System Care Antivirus eingefangen, trotz aktivem Panda. Scans und Logs hab ich schon, also bitte helft.

Grüße

Alt 17.05.2013, 11:24   #2
markusg
/// Malware-holic
 
System Care AV - Standard

System Care AV



Hi
habt ihr 2 pcs zur hand, dann starte den Betroffenen in den abgesicherten modus, und kopiere das erste Programm und Logs via stick.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 17.05.2013, 11:33   #3
Hogge
 
System Care AV - Standard

System Care AV



So?

Code:
ATTFilter
OTL logfile created on: 17.05.2013 11:02:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\martin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 84,34% Memory free
5,85 Gb Paging File | 5,48 Gb Available in Paging File | 93,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,99 Gb Total Space | 1,08 Gb Free Space | 2,69% Space Free | Partition Type: NTFS
Drive D: | 238,09 Gb Total Space | 218,01 Gb Free Space | 91,56% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 16,23 Gb Free Space | 81,15% Space Free | Partition Type: NTFS
Drive G: | 7,35 Gb Total Space | 7,35 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP-XF | User Name: martin | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.17 10:58:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\martin\Desktop\OTL.exe
PRC - [2011.04.28 14:49:02 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 23:48:34 | 000,892,928 | ---- | M] (Kerio Technologies Inc.) [Auto | Stopped] -- C:\Programme\Kerio\UpdaterService\ktupdaterservice.exe -- (ktupdaterservice)
SRV - [2012.10.12 18:40:10 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.05.02 09:22:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.13 10:55:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.21 21:44:07 | 000,767,296 | ---- | M] (Panda Security, S.L.) [On_Demand | Stopped] -- C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe -- (PavReport)
SRV - [2011.01.13 16:33:15 | 000,325,440 | ---- | M] (Panda Security) [Auto | Stopped] -- C:\Programme\Panda Software\AVTC\PSCtrlS.exe -- (Panda Software Controller)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.30 16:06:30 | 000,255,296 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe -- (PavAtScheduler)
SRV - [2010.09.30 16:04:34 | 000,439,616 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -- (PAVAGENTE)
SRV - [2010.08.16 13:32:47 | 000,027,968 | ---- | M] (Panda Software International) [Auto | Stopped] -- C:\Programme\Panda Software\AVTC\psksvc.exe -- (PskSvc)
SRV - [2010.07.14 18:42:27 | 000,313,152 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Programme\Panda Software\AVTC\pavsrvx86.exe -- (PavSrv)
SRV - [2010.06.25 11:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) [Auto | Stopped] -- C:\Programme\Panda Software\AVTC\PSIMSVC.EXE -- (PsImSvc)
SRV - [2010.01.12 03:57:08 | 000,316,880 | ---- | M] () [Auto | Stopped] -- C:\Programme\OneClickInternet\WTGService.exe -- (WTGService)
SRV - [2009.12.24 12:21:28 | 000,111,536 | ---- | M] (CSR, plc) [Auto | Stopped] -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV - [2009.11.01 17:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.01 17:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.10.15 12:00:02 | 000,352,256 | ---- | M] (Matrix42 AG) [Disabled | Stopped] -- C:\Windows\System32\EMPIRUM\SETUPSVC.EXE -- (SetupService)
SRV - [2009.10.01 14:23:44 | 000,329,976 | ---- | M] (QUALCOMM, Inc.) [Auto | Stopped] -- C:\Programme\QUALCOMM\QDLService2k\QDLService2kSierra.exe -- (QDLService2kSierra)
SRV - [2009.07.27 18:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) [Auto | Stopped] -- C:\Programme\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.10.09 10:25:40 | 000,062,760 | ---- | M] () [Auto | Stopped] -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe -- (WirelessSelectorService)
SRV - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.01.15 13:42:14 | 000,067,120 | ---- | M] (Panda Software International) [Auto | Stopped] -- C:\Programme\Panda Software\AVTC\pskmssvc.exe -- (PMShellSrv)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.02.16 17:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.14 10:48:18 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010.07.12 12:40:44 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010.04.19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.11.27 05:13:00 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.11.01 17:04:44 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.10.26 12:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009.10.01 11:47:10 | 000,201,728 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbnetsra2k.sys -- (qcusbnetsra2k)
DRV - [2009.10.01 11:47:10 | 000,106,368 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbsersra2k.sys -- (qcusbsersra2k)
DRV - [2009.10.01 11:47:10 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcfiltersra2k.sys -- (qcfiltersra2k)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.10 04:19:15 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.04.03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.11 10:07:09 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.11.01 19:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006.11.01 19:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013.02.18 17:26:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.04.30 17:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 09:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.05.15 14:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\mozilla\Extensions
[2012.08.24 16:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.24 16:54:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2012.05.02 09:22:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.02 09:22:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.02 09:22:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.02 09:22:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.02 09:22:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.02 09:22:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.02 09:22:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4 - HKLM..\Run: [CSRSkype] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4 - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Panda Controller Client] C:\Program Files\Panda Software\AVTC\PSCtrlC.exe (Panda Security)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: DTAG-RF ([]file in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = x-berlin.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB129415-B4A7-4A17-AC43-B0C5CA461FF4}: DhcpNameServer = 192.168.27.10 192.168.27.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB40CBDA-C6D9-4885-BAE2-6A7979B2E0F1}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC83CD63-014A-410E-AF64-90584CE7D87B}: DhcpNameServer = 192.168.1.5
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 11:01:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\martin\Desktop\OTL.exe
[2013.05.16 12:34:05 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Apple
[2013.05.16 10:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sentinel
[2013.05.16 10:41:34 | 000,296,256 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavSHook.dll
[2013.05.16 10:41:34 | 000,165,184 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\TpUtil.dll
[2013.05.16 10:41:34 | 000,107,568 | ---- | C] (Panda Software) -- C:\Windows\System32\SYSTOOLS.dll
[2013.05.16 10:41:34 | 000,062,784 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\pavipc.dll
[2013.05.16 10:41:34 | 000,055,096 | ---- | C] (Panda Security) -- C:\Windows\System32\drivers\npaflt.sys
[2013.05.16 10:41:34 | 000,017,608 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\rkpavproc.sys
[2013.05.16 10:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2013.05.15 14:59:24 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Macromedia
[2013.05.15 14:58:52 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Mozilla
[2013.05.15 14:58:52 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Mozilla
[2013.05.15 14:38:53 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Adobe
[2013.05.15 14:38:53 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Adobe
[2013.04.30 17:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.04.26 09:54:55 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\ElevatedDiagnostics
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 11:02:07 | 000,000,000 | ---- | M] () -- C:\Users\martin\defogger_reenable
[2013.05.17 11:02:03 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.17 11:02:03 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.17 11:02:03 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.17 11:02:03 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.17 10:59:20 | 000,377,856 | ---- | M] () -- C:\Users\martin\Desktop\gmer_2.1.19163.exe
[2013.05.17 10:58:52 | 000,050,477 | ---- | M] () -- C:\Users\martin\Desktop\Defogger.exe
[2013.05.17 10:58:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\martin\Desktop\OTL.exe
[2013.05.17 10:43:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 10:43:24 | 2356,584,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.17 10:17:22 | 000,022,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 10:17:22 | 000,022,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 10:41:47 | 000,043,667 | ---- | M] () -- C:\Windows\LpAVTC.XML
[2013.05.16 10:41:47 | 000,000,088 | ---- | M] () -- C:\Windows\LeAVTC.XML
[2013.05.16 10:41:35 | 000,000,022 | ---- | M] () -- C:\Windows\LoadConfig.ini
[2013.05.15 15:07:26 | 000,529,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.30 17:27:53 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.04.30 17:27:26 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
[2013.04.26 09:57:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013.04.26 09:09:28 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.17 11:02:07 | 000,000,000 | ---- | C] () -- C:\Users\martin\defogger_reenable
[2013.05.17 11:01:44 | 000,377,856 | ---- | C] () -- C:\Users\martin\Desktop\gmer_2.1.19163.exe
[2013.05.17 11:01:44 | 000,050,477 | ---- | C] () -- C:\Users\martin\Desktop\Defogger.exe
[2013.05.16 10:41:34 | 000,000,019 | ---- | C] () -- C:\Windows\System32\pavversion.ini
[2013.04.30 17:27:53 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.04.30 17:27:26 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
[2013.04.30 17:27:25 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk
[2013.04.30 17:27:25 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2013.04.26 09:57:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2012.07.20 09:56:50 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOBJPJ_L.DLL
[2012.07.20 09:56:01 | 000,000,564 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012.07.20 09:50:41 | 000,195,240 | ---- | C] () -- C:\Windows\hppins13.dat
[2012.07.20 09:50:41 | 000,006,760 | ---- | C] () -- C:\Windows\hppmdl13.dat
[2012.07.20 09:50:15 | 000,000,619 | ---- | C] () -- C:\Windows\System32\hppapr13.dat
[2012.05.03 12:25:47 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.05.03 12:24:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ml347Pl3.dll
[2012.05.03 12:23:51 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2011.06.01 11:05:06 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.06.01 11:05:06 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2070N.DAT
[2011.05.04 14:49:24 | 000,004,890 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 17.05.2013 11:02:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\martin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 84,34% Memory free
5,85 Gb Paging File | 5,48 Gb Available in Paging File | 93,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,99 Gb Total Space | 1,08 Gb Free Space | 2,69% Space Free | Partition Type: NTFS
Drive D: | 238,09 Gb Total Space | 218,01 Gb Free Space | 91,56% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 16,23 Gb Free Space | 81,15% Space Free | Partition Type: NTFS
Drive G: | 7,35 Gb Total Space | 7,35 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP-XF | User Name: martin | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{141BCCB7-6A11-4D4F-9DDA-09F2B3295F2A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{15AB6FE6-4814-4E23-B58D-6BB60B30BE50}" = lport=10043 | protocol=17 | dir=in | name=empirum softwaredepot push | 
"{16E93D71-0683-4DD7-A830-450F2A2971AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{1D8D3E6F-0178-4FAE-AD02-06F67C1AAD69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{2A67C556-CC89-41F0-A25A-F72F2F5B9F22}" = rport=137 | protocol=17 | dir=out | app=system | 
"{570F68E1-34F4-4D41-80C4-0FA0638A4F60}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6224DC9D-2354-49F9-9268-E18F75C5F246}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{9DAEF98F-D078-4070-940E-9FFE5B3E9968}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A0A8FB9E-5730-478D-B843-4AA3438EFE3E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AE5A0A89-676F-4A9E-B073-68263D0EDE6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{B11EB5BF-8457-4BC6-A75B-4B8D9E39253B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B4E70CE2-057E-4F45-85E6-81FBBA4729B6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B6987F94-D27F-4486-9684-73360077B243}" = lport=10043 | protocol=17 | dir=in | name=empirum softwaredepot push | 
"{B9C1F0EB-5E0B-4FE3-9AFA-E4280F51D68F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{D660ACB4-8919-491A-BA0A-F1A9F8BDD5EA}" = lport=10043 | protocol=17 | dir=in | name=empirum softwaredepot push | 
"{E5FFBF0E-A0F9-416A-9206-AEB315B5709B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FBA8147D-34A6-4521-B498-2B935EC8CA8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021DE6DE-E45D-49E4-98A0-CFCFA0ACBDB0}" = protocol=6 | dir=in | app=c:\windows\system32\empirum\swdepot.exe | 
"{1207A119-0300-481F-B035-551ECC2A84D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{167FA0DC-2495-4575-8030-A01D87B54992}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 | 
"{2C184113-DC4A-4023-A88A-4AA1E7222614}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{4EA53FD2-4961-4E5B-8C61-1C059333C653}" = protocol=6 | dir=in | app=c:\windows\system32\empirum\swdepot.exe | 
"{5281BDE3-D052-4624-9E0F-9E06712026B2}" = protocol=17 | dir=in | app=c:\windows\system32\empirum\swdepot.exe | 
"{672D16AE-9F3A-4D27-A8D3-D77F14B7A5D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6920FFF9-414A-447F-9F26-B63EC7571C64}" = protocol=17 | dir=in | app=c:\windows\system32\empirum\swdepot.exe | 
"{70E6BB4C-881D-4107-BDA9-1336179DAAFB}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 | 
"{730477C5-4564-4D4A-A3D0-4F786CC20579}" = protocol=17 | dir=in | app=c:\windows\system32\empirum\swdepot.exe | 
"{7BE03AF8-907A-4F82-9281-E97D1AD12E8A}" = dir=in | app=c:\program files\panda software\panda administrator 3\pav_agent\pagent.exe | 
"{848A256D-4115-4F7F-8168-CC684B86C9AA}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{AD2F71B5-A7C6-4FEB-A364-D2E55FE17987}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{B797B2A5-1080-4C0C-A3A7-B9657BEE1FA0}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BFE7573C-9F62-4939-A31D-7A68F5D9D951}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{DDEA1C29-E6F5-41FE-AB76-FD655DB673AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 | 
"{EBE9559F-8626-495A-B758-CE08EE08B196}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 | 
"{FE767CB4-F715-43C1-911A-7F274835A8EB}" = protocol=6 | dir=in | app=c:\windows\system32\empirum\swdepot.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{0439D13F-C7CD-458A-90DE-44135CBD40B8}" = Bluetooth Feature Pack 5.0
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{150CF98D-039D-48D6-ACA8-2AEAE96EB24C}" = Kerio Outlook Connector (Offline Edition)
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}" = Fujitsu Display Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{51202133-E0F9-4314-ACA4-AACBA46A6C69}" = Wireless Selector
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 6.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CA23B341-7531-422D-AB77-21D4C58BB2FC}" = Kerio Updater Service
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{D34D82E0-4600-407B-9478-8506C1DD1031}" = Nero 7 Essentials
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7708742-E734-4BC1-BEEB-F200DE21C5FC}" = Qualcomm Gobi 2000 Package for Sierra
"7-Zip 4.65" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe Systems Incorporated Adobe Reader 9 - Deutsch 1.0" = Adobe Reader 9 - Deutsch 1.0
"AVTC" = Panda Security for Desktops
"Final Draft 5" = Final Draft 5
"Free Download Manager_is1" = Free Download Manager 3.0
"FTS DeskUpdate 4.11.0.0_all" = DeskUpdate 4.11.0.0_all
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}" = Fujitsu Display Manager
"InstallShield_{51202133-E0F9-4314-ACA4-AACBA46A6C69}" = Wireless Selector
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"matrix42 PM2Client" = PM2Client 12.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nvu_is1" = Nvu 1.0
"OneClickInternet" = OneClick Internet
"Samsung ML-3470 Series" = Samsung ML-3470 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UTAX TA Product Library" = UTAX TA Product Library
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.05.2013 08:37:17 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.05.2013 09:08:16 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.05.2013 09:22:19 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.05.2013 09:28:28 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.05.2013 09:30:20 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.05.2013 09:34:33 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.05.2013 04:08:37 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.05.2013 04:34:57 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2013 04:10:18 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2013 04:45:19 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20.05.2012 03:35:28 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Panda Antivirus Service" wurde mit folgendem Fehler beendet:
   %%1
 
Error - 20.05.2012 05:42:32 | Computer Name = *** | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne *** aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 20.05.2012 05:42:33 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 20.05.2012 05:42:34 | Computer Name = *** | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 20.05.2012 05:43:19 | Computer Name = *** | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 20.05.2012 06:10:21 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Panda Antivirus Service" wurde mit folgendem Fehler beendet:
   %%1
 
Error - 20.05.2012 08:23:53 | Computer Name = *** | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne *** aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 20.05.2012 08:23:53 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 20.05.2012 08:23:54 | Computer Name = *** | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 20.05.2012 08:24:39 | Computer Name = *** | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
 
< End of report >
         
__________________

Alt 17.05.2013, 11:39   #4
markusg
/// Malware-holic
 
System Care AV - Standard

System Care AV



hi
hast du selbst schon was gelöscht? ist das otl log aus demm betroffenen konto erstellt, falls nein, noch mal.
falls du schon was unternommen hast, was?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.05.2013, 12:15   #5
Hogge
 
System Care AV - Standard

System Care AV



Zitat:
Zitat von markusg Beitrag anzeigen
hi
hast du selbst schon was gelöscht? ist das otl log aus demm betroffenen konto erstellt, falls nein, noch mal.
falls du schon was unternommen hast, was?
Ups, Sorry. Ja, falsches Konto und ja, habe schon den Ordner in Appdata gelöscht, der wird aber immer wieder neu erstellt.

Scans folgen.

Danke schon mal!


Alt 17.05.2013, 12:20   #6
markusg
/// Malware-holic
 
System Care AV - Standard

System Care AV



bitte nichts mehr löschen.
__________________
--> System Care AV

Alt 17.05.2013, 12:51   #7
Hogge
 
System Care AV - Standard

System Care AV



Komisch, OTL erstellt jetzt keine Extra.txt mehr, nur die OTL.txt.

Code:
ATTFilter
OTL logfile created on: 17.05.2013 13:41:20 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\produktion\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 64,28% Memory free
5,85 Gb Paging File | 4,80 Gb Available in Paging File | 82,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,99 Gb Total Space | 0,89 Gb Free Space | 2,22% Space Free | Partition Type: NTFS
Drive D: | 238,09 Gb Total Space | 218,01 Gb Free Space | 91,56% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 16,23 Gb Free Space | 81,15% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-XF | User Name: martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.17 10:58:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\produktion\Desktop\OTL.exe
PRC - [2013.05.10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe
PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.22 23:48:34 | 000,892,928 | ---- | M] (Kerio Technologies Inc.) -- C:\Programme\Kerio\UpdaterService\ktupdaterservice.exe
PRC - [2012.05.07 12:47:46 | 000,160,840 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011.08.01 16:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.04.28 14:49:02 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 14:35:56 | 000,058,688 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagentwd.exe
PRC - [2011.01.13 16:33:15 | 000,325,440 | ---- | M] (Panda Security) -- C:\Programme\Panda Software\AVTC\PSCtrlS.exe
PRC - [2010.09.30 16:06:30 | 000,255,296 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
PRC - [2010.09.30 16:04:34 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
PRC - [2010.08.16 13:32:47 | 000,027,968 | ---- | M] (Panda Software International) -- C:\Programme\Panda Software\AVTC\psksvc.exe
PRC - [2010.07.16 13:11:56 | 000,152,896 | ---- | M] (Panda Security) -- C:\Programme\Panda Software\AVTC\PSCtrlC.exe
PRC - [2010.07.14 18:42:27 | 000,313,152 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Software\AVTC\pavsrvx86.exe
PRC - [2010.06.25 11:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) -- C:\Programme\Panda Software\AVTC\PSIMSVC.EXE
PRC - [2010.05.28 12:42:33 | 000,225,088 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Software\AVTC\AVENGINE.EXE
PRC - [2010.01.12 03:57:08 | 000,316,880 | ---- | M] () -- C:\Programme\OneClickInternet\WTGService.exe
PRC - [2009.12.24 12:21:28 | 000,111,536 | ---- | M] (CSR, plc) -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
PRC - [2009.12.24 12:21:18 | 000,346,512 | ---- | M] (CSR, plc) -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
PRC - [2009.12.24 12:21:00 | 000,504,208 | ---- | M] (CSR, plc) -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
PRC - [2009.11.26 09:35:12 | 000,128,360 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FDM7\FdmDaemon.exe
PRC - [2009.11.01 17:04:50 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.01 17:04:44 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.15 18:59:26 | 000,138,088 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2009.10.15 18:59:26 | 000,033,640 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Application Panel\BtnHnd.exe
PRC - [2009.10.15 18:59:26 | 000,017,256 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Application Panel\BtnHndHkb.exe
PRC - [2009.10.14 09:47:22 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009.10.09 21:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009.10.01 14:23:44 | 000,329,976 | ---- | M] (QUALCOMM, Inc.) -- C:\Programme\QUALCOMM\QDLService2k\QDLService2kSierra.exe
PRC - [2009.09.24 14:03:19 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.07.27 18:50:32 | 000,144,744 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\PSUtility\TrayManager.exe
PRC - [2009.07.27 18:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2008.10.09 10:25:40 | 000,062,760 | ---- | M] () -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe
PRC - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.01.15 13:42:14 | 000,067,120 | ---- | M] (Panda Software International) -- C:\Programme\Panda Software\AVTC\pskmssvc.exe
PRC - [2006.01.26 01:03:14 | 000,278,528 | ---- | M] (InterVideo Inc.) -- C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.09.24 14:03:19 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 23:48:34 | 000,892,928 | ---- | M] (Kerio Technologies Inc.) [Auto | Running] -- C:\Programme\Kerio\UpdaterService\ktupdaterservice.exe -- (ktupdaterservice)
SRV - [2012.10.12 18:40:10 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.05.02 09:22:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.09.13 10:55:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.21 21:44:07 | 000,767,296 | ---- | M] (Panda Security, S.L.) [On_Demand | Stopped] -- C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe -- (PavReport)
SRV - [2011.01.13 16:33:15 | 000,325,440 | ---- | M] (Panda Security) [Auto | Running] -- C:\Programme\Panda Software\AVTC\PSCtrlS.exe -- (Panda Software Controller)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.30 16:06:30 | 000,255,296 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe -- (PavAtScheduler)
SRV - [2010.09.30 16:04:34 | 000,439,616 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -- (PAVAGENTE)
SRV - [2010.08.16 13:32:47 | 000,027,968 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Software\AVTC\psksvc.exe -- (PskSvc)
SRV - [2010.07.14 18:42:27 | 000,313,152 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Software\AVTC\pavsrvx86.exe -- (PavSrv)
SRV - [2010.06.25 11:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Programme\Panda Software\AVTC\PSIMSVC.EXE -- (PsImSvc)
SRV - [2010.01.12 03:57:08 | 000,316,880 | ---- | M] () [Auto | Running] -- C:\Programme\OneClickInternet\WTGService.exe -- (WTGService)
SRV - [2009.12.24 12:21:28 | 000,111,536 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV - [2009.11.01 17:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.01 17:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.10.15 12:00:02 | 000,352,256 | ---- | M] (Matrix42 AG) [Disabled | Stopped] -- C:\Windows\System32\EMPIRUM\SETUPSVC.EXE -- (SetupService)
SRV - [2009.10.01 14:23:44 | 000,329,976 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Programme\QUALCOMM\QDLService2k\QDLService2kSierra.exe -- (QDLService2kSierra)
SRV - [2009.07.27 18:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.10.09 10:25:40 | 000,062,760 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe -- (WirelessSelectorService)
SRV - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.01.15 13:42:14 | 000,067,120 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Software\AVTC\pskmssvc.exe -- (PMShellSrv)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.02.16 17:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.14 10:48:18 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010.07.12 12:40:44 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010.04.19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.11.27 05:13:00 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.11.01 17:04:44 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.10.26 12:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009.10.01 11:47:10 | 000,201,728 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbnetsra2k.sys -- (qcusbnetsra2k)
DRV - [2009.10.01 11:47:10 | 000,106,368 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbsersra2k.sys -- (qcusbsersra2k)
DRV - [2009.10.01 11:47:10 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcfiltersra2k.sys -- (qcfiltersra2k)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.10 04:19:15 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.04.03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.11 10:07:09 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.11.01 19:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006.11.01 19:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013.02.18 17:26:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.05.17 13:40:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 09:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.05.15 14:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\mozilla\Extensions
[2012.08.24 16:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.24 16:54:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2012.05.02 09:22:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.02 09:22:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.02 09:22:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.02 09:22:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.02 09:22:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.02 09:22:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.02 09:22:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4 - HKLM..\Run: [CSRSkype] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4 - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Panda Controller Client] C:\Program Files\Panda Software\AVTC\PSCtrlC.exe (Panda Security)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: DTAG-RF ([]file in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = x-berlin.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB129415-B4A7-4A17-AC43-B0C5CA461FF4}: DhcpNameServer = 192.168.27.10 192.168.27.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB40CBDA-C6D9-4885-BAE2-6A7979B2E0F1}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC83CD63-014A-410E-AF64-90584CE7D87B}: DhcpNameServer = 192.168.1.5
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.16 12:34:05 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Apple
[2013.05.16 10:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sentinel
[2013.05.16 10:41:34 | 000,296,256 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavSHook.dll
[2013.05.16 10:41:34 | 000,165,184 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\TpUtil.dll
[2013.05.16 10:41:34 | 000,107,568 | ---- | C] (Panda Software) -- C:\Windows\System32\SYSTOOLS.dll
[2013.05.16 10:41:34 | 000,062,784 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\pavipc.dll
[2013.05.16 10:41:34 | 000,055,096 | ---- | C] (Panda Security) -- C:\Windows\System32\drivers\npaflt.sys
[2013.05.16 10:41:34 | 000,017,608 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\rkpavproc.sys
[2013.05.16 10:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2013.05.15 14:59:24 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Macromedia
[2013.05.15 14:58:52 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Mozilla
[2013.05.15 14:58:52 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Mozilla
[2013.05.15 14:38:53 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Adobe
[2013.05.15 14:38:53 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Adobe
[2013.04.30 17:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.04.26 09:54:55 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\ElevatedDiagnostics
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 13:43:54 | 000,022,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 13:43:54 | 000,022,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 13:41:12 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.17 13:41:12 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.17 13:41:12 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.17 13:41:12 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.17 13:40:27 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
[2013.05.17 13:36:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 13:36:12 | 2356,584,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.17 11:02:07 | 000,000,000 | ---- | M] () -- C:\Users\martin\defogger_reenable
[2013.05.16 10:41:47 | 000,043,667 | ---- | M] () -- C:\Windows\LpAVTC.XML
[2013.05.16 10:41:47 | 000,000,088 | ---- | M] () -- C:\Windows\LeAVTC.XML
[2013.05.16 10:41:35 | 000,000,022 | ---- | M] () -- C:\Windows\LoadConfig.ini
[2013.05.15 15:07:26 | 000,529,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.26 09:57:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013.04.26 09:09:28 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.17 11:02:07 | 000,000,000 | ---- | C] () -- C:\Users\martin\defogger_reenable
[2013.05.16 10:41:34 | 000,000,019 | ---- | C] () -- C:\Windows\System32\pavversion.ini
[2013.04.30 17:27:26 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
[2013.04.30 17:27:25 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk
[2013.04.30 17:27:25 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2013.04.26 09:57:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2012.07.20 09:56:50 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOBJPJ_L.DLL
[2012.07.20 09:56:01 | 000,000,564 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012.07.20 09:50:41 | 000,195,240 | ---- | C] () -- C:\Windows\hppins13.dat
[2012.07.20 09:50:41 | 000,006,760 | ---- | C] () -- C:\Windows\hppmdl13.dat
[2012.07.20 09:50:15 | 000,000,619 | ---- | C] () -- C:\Windows\System32\hppapr13.dat
[2012.05.03 12:25:47 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.05.03 12:24:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ml347Pl3.dll
[2012.05.03 12:23:51 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2011.06.01 11:05:06 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.06.01 11:05:06 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2070N.DAT
[2011.05.04 14:49:24 | 000,004,890 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 17.05.2013, 13:14   #8
markusg
/// Malware-holic
 
System Care AV - Standard

System Care AV



ok mal im betroffenen konto, abges Modus:
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.05.2013, 14:26   #9
Hogge
 
System Care AV - Standard

System Care AV



Code:
ATTFilter
ComboFix 13-05-16.02 - martin 17.05.2013  15:08:02.1.4 - x86 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2997.2445 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Panda Security for Desktops *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Security for Desktops *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***1\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***1\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***2\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***2\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***3\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***3\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***4\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***4\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***5\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***5\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***6\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***6\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***7\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***7\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***8\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***8\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***9\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***9\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***10\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***10\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***10_alt\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\***10_alt\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\***10_alt\Documents\~WRL0611.tmp
c:\users\***10_alt\Documents\~WRL1053.tmp
c:\users\***10_alt\Documents\~WRL2189.tmp
c:\users\***10_alt\Documents\~WRL4050.tmp
c:\windows\system32\D848.tmp
c:\windows\system32\EC2F.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-17 bis 2013-05-17  ))))))))))))))))))))))))))))))
.
.
2013-05-16 10:34 . 2013-05-16 10:34	--------	d-----w-	c:\users\***\AppData\Local\Apple
2013-05-16 08:41 . 2013-05-16 08:41	--------	d-----w-	c:\programdata\Sentinel
2013-05-16 08:41 . 2011-02-04 08:06	17608	----a-w-	c:\windows\system32\drivers\rkpavproc.sys
2013-05-16 08:41 . 2010-06-11 10:03	165184	----a-w-	c:\windows\system32\TpUtil.dll
2013-05-16 08:41 . 2010-06-11 10:02	296256	----a-w-	c:\windows\system32\PavSHook.dll
2013-05-16 08:41 . 2010-06-11 10:02	62784	----a-w-	c:\windows\system32\pavipc.dll
2013-05-16 08:41 . 2008-05-23 07:37	55096	----a-w-	c:\windows\system32\drivers\npaflt.sys
2013-05-16 08:41 . 2007-03-08 18:45	107568	----a-w-	c:\windows\system32\SYSTOOLS.dll
2013-05-16 08:41 . 2013-05-16 08:41	--------	d-----w-	c:\program files\Common Files\Cisco Systems
2013-05-16 08:20 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-15 13:03 . 2013-05-13 06:19	7016152	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{47F6E6E4-4226-4079-B3AB-A25719C6AB2C}\mpengine.dll
2013-05-15 12:58 . 2013-05-15 12:58	--------	d-----w-	c:\users\***\AppData\Local\Mozilla
2013-05-15 12:57 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 12:57 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 12:56 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-15 12:56 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 12:56 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-15 12:38 . 2013-05-15 12:38	--------	d-----w-	c:\users\***\AppData\Local\Adobe
2013-05-10 07:57 . 2013-05-10 07:57	49728	----a-w-	c:\windows\system32\AdobePDF.dll
2013-05-10 07:57 . 2013-05-10 07:57	25160	----a-w-	c:\windows\system32\AdobePDFUI.dll
2013-04-30 15:28 . 2013-04-30 16:03	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2013-04-30 15:28 . 2013-04-30 15:28	--------	d-----w-	c:\users\***1\AppData\Local\Adobe
2013-04-26 07:54 . 2013-04-26 07:54	--------	d-----w-	c:\users\***\AppData\Local\ElevatedDiagnostics
2013-04-26 07:48 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-26 07:48 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-26 07:48 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-26 07:48 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
2013-04-26 07:38 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2013-04-26 07:37 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2013-04-26 07:37 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-04-26 07:37 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-26 07:36 . 2013-02-12 03:32	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-04-26 07:32 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
2013-04-26 07:32 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-04-26 07:24 . 2013-02-15 04:34	131584	----a-w-	c:\windows\system32\aaclient.dll
2013-04-26 07:24 . 2013-02-15 03:25	36864	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-26 07:24 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\system32\mstscax.dll
2013-04-26 07:24 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-04-26 07:23 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-04-26 07:23 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-04-26 07:21 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-04-26 07:21 . 2012-09-25 22:47	78336	----a-w-	c:\windows\system32\synceng.dll
2013-04-26 07:21 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-04-26 07:17 . 2013-04-26 07:17	--------	d-----w-	c:\windows\CCBAA1F7E5E148B29ED9A79C6A37CE78.TMP
2013-04-26 07:15 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-04-26 07:15 . 2012-10-04 14:57	271360	----a-w-	c:\windows\system32\conhost.exe
2013-04-26 07:05 . 2013-04-26 07:06	--------	d-----w-	c:\users\***2
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2011-04-28 12:46	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-03-12 16:47 . 2013-03-12 16:47	1409	----a-w-	c:\windows\Fonts\BCCOURB0.FOT
2013-03-12 16:47 . 2013-03-12 16:47	1409	----a-w-	c:\windows\Fonts\BCCOURI.FOT
2013-03-12 16:47 . 2013-03-12 16:47	1409	----a-w-	c:\windows\Fonts\BCCOUR.FOT
2013-03-12 16:47 . 2013-03-12 16:47	1409	----a-w-	c:\windows\Fonts\FINADHR.FOT
2013-03-12 16:46 . 2013-03-12 16:46	1409	----a-w-	c:\windows\Fonts\FINADHI.FOT
2013-03-12 16:46 . 2013-03-12 16:46	1409	----a-w-	c:\windows\Fonts\FINADHB.FOT
2013-02-22 16:24 . 2013-02-22 16:24	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-22 16:24 . 2013-02-22 16:25	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-22 16:24 . 2013-02-22 16:25	782240	----a-w-	c:\windows\system32\deployJava1.dll
2012-05-02 07:22 . 2011-05-04 13:38	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 166936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-14 36712]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 138088]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 33640]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-27 144744]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 128360]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-12-24 346512]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 504208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-09-24 614400]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-05-07 160840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"Panda Controller Client"="c:\program files\Panda Software\AVTC\PSCtrlC.exe" [2010-07-16 152896]
.
c:\users\***3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2011-4-28 278528]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2012-5-11 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSWDepot1]
SWDEPOT [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSWDepot3]
SWDEPOT [X]
.
R2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [x]
R2 ktupdaterservice;Kerio Updater Service;c:\program files\Kerio\UpdaterService\ktupdaterservice.exe [x]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [x]
R2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [x]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
R2 PskSvc;Panda Kernel Service;c:\program files\Panda Software\AVTC\PskSvc.exe [x]
R2 QDLService2kSierra;Qualcomm Gobi 2000 Download Service (Sierra);c:\program files\QUALCOMM\QDLService2k\QDLService2kSierra.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [x]
R2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [x]
R2 WTGService;WTGService;c:\program files\OneClickInternet\WTGService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 qcfiltersra2k;Gobi 2000 USB Composite Device Filter Driver(1199-9001);c:\windows\system32\DRIVERS\qcfiltersra2k.sys [x]
R3 qcusbnetsra2k;Gobi 2000 USB-NDIS miniport(1199-9001);c:\windows\system32\DRIVERS\qcusbnetsra2k.sys [x]
R3 qcusbsersra2k;Gobi 2000 USB Device for Legacy Serial Communication(1199-9001);c:\windows\system32\DRIVERS\qcusbsersra2k.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 SetupService;Empirum-Agent;c:\windows\system32\EMPIRUM\SetupSvc.exe [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.1.5
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n3pk0ms7.default\
FF - ExtSQL: 2013-04-30 17:26; web2pdfextension@web2pdf.adobedotcom; c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
MSConfigStartUp-RunSWDepot2 - SWDEPOT \\%EmpirumServer%\Configurator$\User\SwDepot.dds
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-17  15:14:23
ComboFix-quarantined-files.txt  2013-05-17 13:14
.
Vor Suchlauf: 3.970.789.376 Bytes frei
Nach Suchlauf: 4.656.529.408 Bytes frei
.
- - End Of File - - 707E65A18128CDA25612727A96E8E7E0
         

Alt 17.05.2013, 14:37   #10
markusg
/// Malware-holic
 
System Care AV - Standard

System Care AV



geht der normale modus wieder?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.05.2013, 14:57   #11
Hogge
 
System Care AV - Standard

System Care AV



Zitat:
Zitat von markusg Beitrag anzeigen
geht der normale modus wieder?
Friedhofsruhe! Ich hoffe das bleibt so.

Vielen Dank für die Geduld und die Hilfe!!


Alt 17.05.2013, 16:08   #12
markusg
/// Malware-holic
 
System Care AV - Standard

System Care AV



hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu System Care AV
aktivem, antivirus, eingefangen, freundin, gefangen, gen, ransomware, scans, system, system care, system care antivirus, system care av, trotz




Ähnliche Themen: System Care AV


  1. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 16.12.2013 (22)
  2. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (4)
  3. System Care Antivirus im System
    Log-Analyse und Auswertung - 16.08.2013 (9)
  4. System Care Antivirus was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2013 (3)
  5. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (25)
  6. System Care Antivirus auf PC
    Plagegeister aller Art und deren Bekämpfung - 20.07.2013 (10)
  7. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (15)
  8. System Care Antivirus
    Log-Analyse und Auswertung - 25.06.2013 (33)
  9. System Care Antivirus
    Log-Analyse und Auswertung - 23.06.2013 (9)
  10. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (70)
  11. System Care Antivirus-OTL Log
    Log-Analyse und Auswertung - 31.05.2013 (15)
  12. System Care AV
    Plagegeister aller Art und deren Bekämpfung - 30.05.2013 (17)
  13. System Care Antivir
    Log-Analyse und Auswertung - 09.05.2013 (13)
  14. System Care Antivirus Win XP
    Plagegeister aller Art und deren Bekämpfung - 03.05.2013 (11)
  15. System Care Antivirus Win XP
    Mülltonne - 01.05.2013 (1)
  16. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 19.04.2013 (1)

Zum Thema System Care AV - Tach User, leider hat sich eien Freundin von mir die Ransomware System Care Antivirus eingefangen, trotz aktivem Panda. Scans und Logs hab ich schon, also bitte helft. Grüße - System Care AV...
Archiv
Du betrachtest: System Care AV auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.