
Log analysis and evaluation: several programs no longer run, and the "avast" antivirus has made off : (

17.04.2012, 15:59   #1
kingwilli
 
so folks,

after i was already given competent help here once about 2 years ago (merci!), i unfortunately have to turn to you again.

an acquaintance serviced my computer about 6 months ago and installed the virus scanner "avast" for me, because he apparently thinks it's really great.

it ran flawlessly for a few months, but recently the computer started acting up. symptom 1: the dvd drive was simply gone. it had simply disappeared from explorer; it did reappear on roughly every 5th boot, but basically it was gone.
symptom 2: a few days ago my "HP solution center" disappeared. i can still print, but i can no longer scan. aha.
symptom 3: since yesterday it has also wrecked my adobe reader. no pdf can be opened any more. reinstalling doesn't help either.
well, and then i noticed that the "avast" icon in the taskbar has disappeared. windows defender also says "no antivirus program active".
well, i installed avira and ran spybot, but lacking any real knowledge of what i'm doing there, i preferred to follow the instructions from this board after all, and here are the logfiles:

(my girlfriend has a similar problem on her computer, but that will follow separately...)

dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Florian at 15:59:49 on 2012-04-17
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.1983.877 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\julitec\julitecCRM\julitecCONTACT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Program Files\IrfanView\i_view32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\florian\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\florian\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{A2310DDD-CDD1-485B-942C-B997E90D8780} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}\1427265696475627D2E45647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}\14962777F6C666 : DhcpNameServer = 192.168.178.1
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\florian\appdata\roaming\mozilla\firefox\profiles\x9tel1l1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-16 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-4-16 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-4-16 110032]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-11 51280]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-16 74640]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2012-1-30 8192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-12 1153368]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast5\avastsvc.exe" --> c:\program files\alwil software\avast5\AvastSvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [2011-2-16 573440]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [2011-2-16 15616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-28 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-28 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-18 1343400]
.
=============== Created Last 30 ================
.
2012-04-17 08:46:29 -------- d-----w- c:\users\florian\.thumbnails
2012-04-17 08:45:01 -------- d-----w- c:\users\florian\.gimp-2.6
2012-04-17 08:23:58 -------- d-----w- c:\users\florian\appdata\roaming\Avira
2012-04-16 21:02:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-16 21:02:25 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-16 20:58:27 -------- d-----w- c:\program files\Foxit Software
2012-04-16 20:41:31 -------- d-----w- c:\programdata\McAfee Security Scan
2012-04-16 20:41:29 -------- d-----w- c:\program files\McAfee Security Scan
2012-04-16 20:26:32 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-16 20:26:32 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-16 20:26:31 -------- d-----w- c:\programdata\Avira
2012-04-16 20:26:31 -------- d-----w- c:\program files\Avira
2012-04-16 04:51:11 -------- d-----w- c:\programdata\AVAST Software
2012-04-15 19:35:17 -------- d--h--w- c:\programdata\Common Files
2012-04-13 05:43:59 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ca727b0c-3e65-467c-a7e0-c5e750aa7422}\mpengine.dll
2012-04-13 05:33:41 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 05:33:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 05:33:40 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 05:33:39 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-02 07:43:58 -------- d-----w- c:\program files\iPod
2012-04-02 07:43:56 -------- d-----w- c:\program files\iTunes
2012-03-27 09:36:15 -------- d-----w- c:\users\florian\appdata\roaming\julitec
2012-03-27 09:36:15 -------- d-----w- c:\users\florian\appdata\local\julitec
2012-03-27 09:35:57 -------- d-----w- c:\programdata\julitec
2012-03-27 09:35:57 -------- d-----w- c:\program files\julitec
2012-03-27 09:07:30 493056 ----a-w- c:\windows\system32\dhRichClient3.dll
2012-03-27 09:07:30 338432 ----a-w- c:\windows\system32\sqlite36_engine.dll
2012-03-25 09:37:12 -------- d-----w- c:\users\florian\appdata\roaming\Samsung
2012-03-25 09:34:40 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2012-03-25 09:34:19 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-03-25 09:12:03 -------- d-----w- c:\programdata\WEBREG
2012-03-25 09:11:49 -------- d-----w- c:\users\florian\appdata\local\HP
2012-03-25 09:06:14 -------- d-----w- c:\program files\common files\HP
2012-03-25 09:06:10 -------- d-----w- c:\program files\common files\Hewlett-Packard
2012-03-25 09:03:46 307200 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw72.dll
2012-03-25 09:01:45 452408 ----a-w- c:\windows\system32\hpzids01.dll
2012-03-25 09:01:44 737280 ----a-w- c:\windows\system32\hposwia_p01b.dll
2012-03-25 09:01:44 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2012-03-25 09:01:43 974848 ----a-w- c:\windows\system32\hpost_p01b.dll
2012-03-25 09:01:43 307200 ----a-w- c:\windows\system32\hposc_p01a.dll
2012-03-21 13:01:19 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-21 13:01:19 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-20 20:42:12 -------- d-----r- c:\users\florian\Dropbox
2012-03-20 20:39:22 -------- d-----w- c:\users\florian\appdata\roaming\Dropbox
.
==================== Find3M ====================
.
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 10:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-30 18:09:15 8192 ----a-w- c:\windows\system32\srvany.exe
2012-01-30 18:09:15 151552 ----a-w- c:\windows\KMService.exe
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 16:01:02,02 ===============



attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 11.02.2011 20:35:05
System Uptime: 17.04.2012 11:22:19 (5 hours ago)
.
Motherboard: Quanta | | 30D1
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket S1 | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 59,112 GiB free.
D: is FIXED (NTFS) - 135 GiB total, 30,691 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&2175A365&0&2
Manufacturer: (Standard-USB-Hostcontroller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&2175A365&0&2
Service:
.
==== System Restore Points ===================
.
RP185: 13.04.2012 07:32:19 - Windows Update
RP186: 14.04.2012 08:29:25 - TouchCopy 11 wird entfernt
RP187: 15.04.2012 21:36:25 - TuneUp Utilities 2012 wird installiert
RP188: 15.04.2012 22:35:48 - Wiederherstellungsvorgang
RP189: 16.04.2012 06:50:17 - avast! Free Antivirus Setup
RP190: 16.04.2012 06:51:36 - avast! Free Antivirus Setup
RP191: 16.04.2012 18:09:40 - Wiederherstellungsvorgang
RP192: 16.04.2012 18:38:12 - Windows-Sicherung
RP193: 16.04.2012 21:38:44 - Windows-Sicherung
RP194: 16.04.2012 22:20:56 - Removed Adobe Reader X (10.0.1) - Deutsch.
RP195: 16.04.2012 22:22:53 - TuneUp Utilities 2012 wird entfernt
RP196: 16.04.2012 22:23:31 - TuneUp Utilities Language Pack (de-DE) wird entfernt
RP197: 16.04.2012 22:47:54 - Removed Adobe Reader X (10.1.3) - Deutsch.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bonjour
BufferChm
C5300
CDBurnerXP
Conexant HD Audio
Destinations
DeviceDiscovery
Dropbox
Foxit Reader 5.1
GIMP 2.6.12
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Quick Launch Buttons
HP QuickPlay 3.6
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
iCloud
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 23
julitecCRM 6.0
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 de)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
NVIDIA PhysX
PDFCreator
PlayReady PC Runtime x86
PS_AIO_04_C5300_Software_Min
QLBCASL
QuickPlay SlingPlayer 0.4.6
QuickTime
Real Alternative 2.0.2
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
VLC media player 1.1.5
WebReg
.
==== End Of File ===========================



gmer.txt

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-17 16:49:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: cww3hq49.exe; Driver: C:\Users\Florian\AppData\Local\Temp\pwdiyfob.sys


---- System - GMER 1.0.15 ----

SSDT 8CE53156 ZwCreateSection
SSDT 8CE53160 ZwRequestWaitReplyPort
SSDT 8CE5315B ZwSetContextThread
SSDT 8CE53165 ZwSetSecurityObject
SSDT 8CE5316A ZwSystemDebugControl
SSDT 8CE530F7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C51369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C91EAC 4 Bytes [56, 31, E5, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C92208 2 Bytes [60, 31]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1556 82C9220B 1 Byte [8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C9224C 4 Bytes [5B, 31, E5, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C922C8 4 Bytes [65, 31, E5, 8C]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91A32340, 0x3EE217, 0xE8000020]
? C:\Users\Florian\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



however you manage to make something of this: thank you!

regards

willi

17.04.2012, 16:01   #2
markusg
/// Malware-holic
 

hi,
did avast or avira have any detections? if so, please post the logs

17.04.2012, 16:10   #3
kingwilli
 

Quote from markusg:
hi,
did avast or avira have any detections? if so, please post the logs

nothing came from avast, but i also don't know exactly when it took its leave.

nothing came from avira either.

i can only check the board again late in the evening; thanks in advance for all posts -

17.04.2012, 16:14   #4
markusg
/// Malware-holic
 

hi,
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

17.04.2012, 18:25   #5
kingwilli
 

OTL Logfile:
Code:
OTL logfile created on: 17.04.2012 17:49:37 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Florian\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 55,70% Memory free
3,87 Gb Paging File | 2,65 Gb Available in Paging File | 68,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 59,13 Gb Free Space | 60,61% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 30,69 Gb Free Space | 22,70% Space Free | Partition Type: NTFS
 
Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Windows\System32\srvany.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (pwdiyfob) -- C:\Users\Florian\AppData\Local\Temp\pwdiyfob.sys File not found
DRV - (mbr) -- C:\Users\Florian\AppData\Local\Temp\mbr.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 74 B0 E4 24 CA CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4281416F-6676-460C-80DC-7C23AB943F7D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 15:01:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.16 22:48:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M]
 
[2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.16 22:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\x9tel1l1.default\extensions
[2011.11.12 13:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.21 15:01:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.11 22:12:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 12:25:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 12:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.15 12:25:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 12:25:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 12:25:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 12:25:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.12 00:27:48 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14798 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2310DDD-CDD1-485B-942C-B997E90D8780}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\bin\cdviewer.exe
O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\launch\command - "" = H:\bin\cdviewer.exe
O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.17 17:47:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2012.04.17 15:59:50 | 000,000,000 | R--D | C] -- C:\Users\Florian\Favorites
[2012.04.17 15:59:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Florian\Desktop\dds.com
[2012.04.17 15:52:02 | 000,000,000 | R--D | C] -- C:\Users\Florian\Searches
[2012.04.17 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\bmw
[2012.04.17 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\.thumbnails
[2012.04.17 10:45:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\.gimp-2.6
[2012.04.17 10:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.04.17 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Avira
[2012.04.16 23:02:25 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.16 23:02:25 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.16 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.04.16 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.04.16 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.04.16 22:26:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.04.16 22:26:32 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.04.16 22:26:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.16 22:26:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.04.16 22:21:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.16 06:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.04.15 21:35:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.04.13 07:40:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.13 07:40:33 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.13 07:40:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.13 07:40:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.13 07:40:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.13 07:40:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.02 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.02 09:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.04.02 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\julitec
[2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\julitec
[2012.03.27 11:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\julitecCRM
[2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\julitec
[2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\julitec
[2012.03.27 11:07:30 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2012.03.25 11:37:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Samsung
[2012.03.25 11:34:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2012.03.25 11:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.03.25 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\HP
[2012.03.25 11:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.03.25 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.03.25 11:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012.03.25 11:01:45 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2012.03.25 11:01:44 | 000,737,280 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hposwia_p01b.dll
[2012.03.25 11:01:44 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2012.03.25 11:01:43 | 000,974,848 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_p01b.dll
[2012.03.25 11:01:43 | 000,307,200 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hposc_p01a.dll
[2012.03.20 22:42:12 | 000,000,000 | R--D | C] -- C:\Users\Florian\Dropbox
[2012.03.20 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.03.20 22:39:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Dropbox
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.17 17:47:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2012.04.17 17:45:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.17 16:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.17 16:01:16 | 000,302,592 | ---- | M] () -- C:\Users\Florian\Desktop\cww3hq49.exe
[2012.04.17 15:59:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Florian\Desktop\dds.com
[2012.04.17 15:58:22 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable
[2012.04.17 15:57:51 | 000,050,477 | ---- | M] () -- C:\Users\Florian\Desktop\Defogger.exe
[2012.04.17 15:10:20 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.17 15:10:20 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.17 15:10:20 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.17 15:10:20 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.17 15:08:35 | 000,132,706 | ---- | M] () -- C:\Users\Florian\Desktop\plzde.jpg
[2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.17 10:35:12 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.04.17 10:12:23 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.16 23:02:25 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.16 23:02:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.05 10:00:28 | 000,012,800 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.02 09:44:55 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.30 15:55:10 | 000,315,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.25 11:37:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2012.03.25 11:11:52 | 000,180,901 | ---- | M] () -- C:\Windows\hpoins32.dat
[2012.03.25 11:07:48 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.03.20 22:42:12 | 000,001,043 | ---- | M] () -- C:\Users\Florian\Desktop\Dropbox.lnk
[2012.03.20 22:40:37 | 000,001,023 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.04.17 16:01:09 | 000,302,592 | ---- | C] () -- C:\Users\Florian\Desktop\cww3hq49.exe
[2012.04.17 15:58:22 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable
[2012.04.17 15:57:49 | 000,050,477 | ---- | C] () -- C:\Users\Florian\Desktop\Defogger.exe
[2012.04.17 15:08:35 | 000,132,706 | ---- | C] () -- C:\Users\Florian\Desktop\plzde.jpg
[2012.04.16 23:02:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.16 22:41:30 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.04.08 11:28:00 | 001,983,729 | ---- | C] () -- C:\Users\Florian\TAN.pdf
[2012.04.02 09:44:55 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.27 11:07:30 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.03.25 11:37:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.03.25 11:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2012.03.25 11:07:48 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.03.25 11:02:30 | 000,180,901 | ---- | C] () -- C:\Windows\hpoins32.dat
[2012.03.25 11:02:30 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat
[2012.03.20 22:42:12 | 000,001,043 | ---- | C] () -- C:\Users\Florian\Desktop\Dropbox.lnk
[2012.03.20 22:40:37 | 000,001,023 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.15 22:26:09 | 000,004,096 | -H-- | C] () -- C:\Users\Florian\AppData\Local\keyfile3.drm
[2012.01.30 20:10:07 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2012.01.30 20:10:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.05.10 22:11:19 | 000,007,605 | ---- | C] () -- C:\Users\Florian\AppData\Local\Resmon.ResmonCfg
[2011.04.28 22:54:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.28 22:52:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.16 22:31:03 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.16 22:30:47 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.16 22:30:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.02.16 22:30:11 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2011.02.16 22:22:26 | 000,009,701 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.02.16 01:52:15 | 000,012,800 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.15 22:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.11 23:41:34 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.02.11 22:14:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
 
========== LOP Check ==========
 
[2011.02.11 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canneverbe Limited
[2012.04.17 10:19:03 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Dropbox
[2011.02.16 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GetRightToGo
[2012.02.28 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0
[2012.03.27 11:36:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\julitec
[2011.07.31 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Nvu
[2011.02.11 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org
[2012.03.25 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Samsung
[2011.07.27 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer
[2011.02.12 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird
[2012.02.08 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software
[2011.07.01 18:03:06 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


17.04.2012, 18:28   #6
markusg
/// Malware-holic

Why wasn't OTL run as described, with the script?

18.04.2012, 07:09   #7
kingwilli

OK, I guess I did something wrong? Sorry.

Here is the next attempt with "Quick Scan" (the instructions contradict themselves a bit there?)

OTL Logfile:
Code:
OTL logfile created on: 18.04.2012 08:04:03 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Florian\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 55,80% Memory free
3,87 Gb Paging File | 2,59 Gb Available in Paging File | 66,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 59,15 Gb Free Space | 60,63% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 30,69 Gb Free Space | 22,70% Space Free | Partition Type: NTFS
 
Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Windows\System32\srvany.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (pwdiyfob) -- C:\Users\Florian\AppData\Local\Temp\pwdiyfob.sys File not found
DRV - (mbr) -- C:\Users\Florian\AppData\Local\Temp\mbr.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 74 B0 E4 24 CA CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4281416F-6676-460C-80DC-7C23AB943F7D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 15:01:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.16 22:48:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M]
 
[2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.16 22:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\x9tel1l1.default\extensions
[2011.11.12 13:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.21 15:01:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.11 22:12:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 12:25:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 12:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.15 12:25:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 12:25:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 12:25:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 12:25:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.12 00:27:48 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14798 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2310DDD-CDD1-485B-942C-B997E90D8780}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\bin\cdviewer.exe
O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\launch\command - "" = H:\bin\cdviewer.exe
O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.17 17:47:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2012.04.17 15:59:50 | 000,000,000 | R--D | C] -- C:\Users\Florian\Favorites
[2012.04.17 15:59:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Florian\Desktop\dds.com
[2012.04.17 15:52:02 | 000,000,000 | R--D | C] -- C:\Users\Florian\Searches
[2012.04.17 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\bmw
[2012.04.17 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\.thumbnails
[2012.04.17 10:45:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\.gimp-2.6
[2012.04.17 10:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.04.17 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Avira
[2012.04.16 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.04.16 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.04.16 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.04.16 22:26:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.04.16 22:26:32 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.04.16 22:26:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.16 22:26:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.04.16 22:21:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.16 06:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.04.15 21:35:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.04.02 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.02 09:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.04.02 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\julitec
[2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\julitec
[2012.03.27 11:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\julitecCRM
[2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\julitec
[2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\julitec
[2012.03.27 11:07:30 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2012.03.25 11:37:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Samsung
[2012.03.25 11:34:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2012.03.25 11:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.03.25 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\HP
[2012.03.25 11:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.03.25 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.03.25 11:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012.03.20 22:42:12 | 000,000,000 | R--D | C] -- C:\Users\Florian\Dropbox
[2012.03.20 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.03.20 22:39:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Dropbox
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.18 07:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.18 07:55:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.17 17:47:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2012.04.17 16:01:16 | 000,302,592 | ---- | M] () -- C:\Users\Florian\Desktop\cww3hq49.exe
[2012.04.17 15:59:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Florian\Desktop\dds.com
[2012.04.17 15:58:22 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable
[2012.04.17 15:57:51 | 000,050,477 | ---- | M] () -- C:\Users\Florian\Desktop\Defogger.exe
[2012.04.17 15:10:20 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.17 15:10:20 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.17 15:10:20 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.17 15:10:20 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.17 15:08:35 | 000,132,706 | ---- | M] () -- C:\Users\Florian\Desktop\plzde.jpg
[2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.17 10:35:12 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.04.17 10:12:23 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.05 10:00:28 | 000,012,800 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.02 09:44:55 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.30 15:55:10 | 000,315,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.25 11:37:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2012.03.25 11:11:52 | 000,180,901 | ---- | M] () -- C:\Windows\hpoins32.dat
[2012.03.25 11:07:48 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.03.20 22:42:12 | 000,001,043 | ---- | M] () -- C:\Users\Florian\Desktop\Dropbox.lnk
[2012.03.20 22:40:37 | 000,001,023 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.04.17 16:01:09 | 000,302,592 | ---- | C] () -- C:\Users\Florian\Desktop\cww3hq49.exe
[2012.04.17 15:58:22 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable
[2012.04.17 15:57:49 | 000,050,477 | ---- | C] () -- C:\Users\Florian\Desktop\Defogger.exe
[2012.04.17 15:08:35 | 000,132,706 | ---- | C] () -- C:\Users\Florian\Desktop\plzde.jpg
[2012.04.16 23:02:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.16 22:41:30 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.04.08 11:28:00 | 001,983,729 | ---- | C] () -- C:\Users\Florian\TAN.pdf
[2012.04.02 09:44:55 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.27 11:07:30 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.03.25 11:37:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.03.25 11:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2012.03.25 11:07:48 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.03.25 11:02:30 | 000,180,901 | ---- | C] () -- C:\Windows\hpoins32.dat
[2012.03.25 11:02:30 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat
[2012.03.20 22:42:12 | 000,001,043 | ---- | C] () -- C:\Users\Florian\Desktop\Dropbox.lnk
[2012.03.20 22:40:37 | 000,001,023 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.15 22:26:09 | 000,004,096 | -H-- | C] () -- C:\Users\Florian\AppData\Local\keyfile3.drm
[2012.01.30 20:10:07 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2012.01.30 20:10:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.05.10 22:11:19 | 000,007,605 | ---- | C] () -- C:\Users\Florian\AppData\Local\Resmon.ResmonCfg
[2011.04.28 22:54:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.28 22:52:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.16 22:31:03 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.16 22:30:47 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.16 22:30:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.02.16 22:30:11 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2011.02.16 22:22:26 | 000,009,701 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.02.16 01:52:15 | 000,012,800 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.15 22:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.11 23:41:34 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.02.11 22:14:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
 
========== LOP Check ==========
 
[2011.02.11 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canneverbe Limited
[2012.04.17 10:19:03 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Dropbox
[2011.02.16 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GetRightToGo
[2012.02.28 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0
[2012.03.27 11:36:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\julitec
[2011.07.31 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Nvu
[2011.02.11 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org
[2012.03.25 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Samsung
[2011.07.27 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer
[2011.02.12 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird
[2012.02.08 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software
[2011.07.01 18:03:06 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

I can't find the "extras" file! Help!

Aha, I see something there about "100sexlinks.com"

18.04.2012, 09:54   #8
markusg
/// Malware-holic
 
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. [Illegal operation attempted on a registry key that has been marked for deletion.]
simply restart the computer. That should fix the problem.

18.04.2012, 12:52   #9
kingwilli
 
OK folks, I'm obviously too dumb.

So I'll do the Combofix thing in a moment, but first one more attempt with OTL.

OTL logfile:
Code:
OTL logfile created on: 18.04.2012 13:01:26 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Florian\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 59,42% Memory free
3,87 Gb Paging File | 2,63 Gb Available in Paging File | 67,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 58,90 Gb Free Space | 60,37% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 30,69 Gb Free Space | 22,70% Space Free | Partition Type: NTFS
 
Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Windows\System32\srvany.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (pwdiyfob) -- C:\Users\Florian\AppData\Local\Temp\pwdiyfob.sys File not found
DRV - (mbr) -- C:\Users\Florian\AppData\Local\Temp\mbr.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 74 B0 E4 24 CA CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4281416F-6676-460C-80DC-7C23AB943F7D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 15:01:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.16 22:48:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M]
 
[2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.16 22:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\x9tel1l1.default\extensions
[2011.11.12 13:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.21 15:01:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.11 22:12:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 12:25:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 12:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.15 12:25:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 12:25:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 12:25:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 12:25:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.12 00:27:48 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14798 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2310DDD-CDD1-485B-942C-B997E90D8780}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\bin\cdviewer.exe
O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\launch\command - "" = H:\bin\cdviewer.exe
O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.17 17:47:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2012.04.17 15:59:50 | 000,000,000 | R--D | C] -- C:\Users\Florian\Favorites
[2012.04.17 15:59:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Florian\Desktop\dds.com
[2012.04.17 15:52:02 | 000,000,000 | R--D | C] -- C:\Users\Florian\Searches
[2012.04.17 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\bmw
[2012.04.17 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\.thumbnails
[2012.04.17 10:45:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\.gimp-2.6
[2012.04.17 10:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.04.17 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Avira
[2012.04.16 23:02:25 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.16 23:02:25 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.16 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.04.16 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.04.16 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.04.16 22:26:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.04.16 22:26:32 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.04.16 22:26:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.16 22:26:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.04.16 22:21:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.16 06:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.04.15 21:35:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.04.13 07:40:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.13 07:40:33 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.13 07:40:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.13 07:40:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.13 07:40:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.13 07:40:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.02 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.02 09:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.04.02 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\julitec
[2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\julitec
[2012.03.27 11:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\julitecCRM
[2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\julitec
[2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\julitec
[2012.03.27 11:07:30 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2012.03.25 11:37:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Samsung
[2012.03.25 11:34:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2012.03.25 11:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.03.25 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\HP
[2012.03.25 11:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.03.25 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.03.25 11:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012.03.25 11:01:45 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2012.03.25 11:01:44 | 000,737,280 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hposwia_p01b.dll
[2012.03.25 11:01:44 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2012.03.25 11:01:43 | 000,974,848 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_p01b.dll
[2012.03.25 11:01:43 | 000,307,200 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hposc_p01a.dll
[2012.03.20 22:42:12 | 000,000,000 | R--D | C] -- C:\Users\Florian\Dropbox
[2012.03.20 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.03.20 22:39:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Dropbox
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.18 13:00:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.18 13:00:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.17 17:47:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2012.04.17 16:01:16 | 000,302,592 | ---- | M] () -- C:\Users\Florian\Desktop\cww3hq49.exe
[2012.04.17 15:59:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Florian\Desktop\dds.com
[2012.04.17 15:58:22 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable
[2012.04.17 15:57:51 | 000,050,477 | ---- | M] () -- C:\Users\Florian\Desktop\Defogger.exe
[2012.04.17 15:10:20 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.17 15:10:20 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.17 15:10:20 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.17 15:10:20 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.17 15:08:35 | 000,132,706 | ---- | M] () -- C:\Users\Florian\Desktop\plzde.jpg
[2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.17 10:35:12 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.04.17 10:12:23 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.16 23:02:25 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.16 23:02:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.05 10:00:28 | 000,012,800 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.02 09:44:55 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.30 15:55:10 | 000,315,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.25 11:37:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2012.03.25 11:11:52 | 000,180,901 | ---- | M] () -- C:\Windows\hpoins32.dat
[2012.03.25 11:07:48 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.03.20 22:42:12 | 000,001,043 | ---- | M] () -- C:\Users\Florian\Desktop\Dropbox.lnk
[2012.03.20 22:40:37 | 000,001,023 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.04.17 16:01:09 | 000,302,592 | ---- | C] () -- C:\Users\Florian\Desktop\cww3hq49.exe
[2012.04.17 15:58:22 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable
[2012.04.17 15:57:49 | 000,050,477 | ---- | C] () -- C:\Users\Florian\Desktop\Defogger.exe
[2012.04.17 15:08:35 | 000,132,706 | ---- | C] () -- C:\Users\Florian\Desktop\plzde.jpg
[2012.04.16 23:02:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.16 22:41:30 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.04.08 11:28:00 | 001,983,729 | ---- | C] () -- C:\Users\Florian\TAN.pdf
[2012.04.02 09:44:55 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.27 11:07:30 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.03.25 11:37:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.03.25 11:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2012.03.25 11:07:48 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.03.25 11:02:30 | 000,180,901 | ---- | C] () -- C:\Windows\hpoins32.dat
[2012.03.25 11:02:30 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat
[2012.03.20 22:42:12 | 000,001,043 | ---- | C] () -- C:\Users\Florian\Desktop\Dropbox.lnk
[2012.03.20 22:40:37 | 000,001,023 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.15 22:26:09 | 000,004,096 | -H-- | C] () -- C:\Users\Florian\AppData\Local\keyfile3.drm
[2012.01.30 20:10:07 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2012.01.30 20:10:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.05.10 22:11:19 | 000,007,605 | ---- | C] () -- C:\Users\Florian\AppData\Local\Resmon.ResmonCfg
[2011.04.28 22:54:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.28 22:52:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.16 22:31:03 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.16 22:30:47 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.16 22:30:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.02.16 22:30:11 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2011.02.16 22:22:26 | 000,009,701 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.02.16 01:52:15 | 000,012,800 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.15 22:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.11 23:41:34 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.02.11 22:14:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
 
========== LOP Check ==========
 
[2011.02.11 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canneverbe Limited
[2012.04.18 13:00:25 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Dropbox
[2011.02.16 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GetRightToGo
[2012.02.28 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0
[2012.03.27 11:36:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\julitec
[2011.07.31 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Nvu
[2011.02.11 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org
[2012.03.25 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Samsung
[2011.07.27 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer
[2011.02.12 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird
[2012.02.08 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software
[2011.07.01 18:03:06 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< OTL logfile created on: 18.04.2012 08:04:03 - Run 2 >
 
< OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Florian\Desktop >
 
<  Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation >
 
< Internet Explorer (Version = 9.0.8112.16421) >
 
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
 
<   >
 
< 1,94 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 55,80% Memory free >
 
< 3,87 Gb Paging File | 2,59 Gb Available in Paging File | 66,91% Paging File free >
 
< Paging file location(s): ?:\pagefile.sys [binary data] >
 
<   >
 
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
 
< Drive C: | 97,56 Gb Total Space | 59,15 Gb Free Space | 60,63% Space Free | Partition Type: NTFS >
 
< Drive D: | 135,23 Gb Total Space | 30,69 Gb Free Space | 22,70% Space Free | Partition Type: NTFS >
 
<   >
 
< Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: Current user | Quick Scan >
 
< Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days >
 
<   >
 
< ========== Processes (SafeList) ========== >
Invalid Switch: color]
 
<   >
 
< PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools) >
 
< PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) >
 
< PRC - C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) >
 
< PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) >
 
< PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) >
 
< PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) >
 
< PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) >
 
< PRC - C:\Windows\KMService.exe () >
 
< PRC - C:\Windows\System32\srvany.exe () >
 
< PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) >
 
< PRC - C:\Windows\explorer.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) >
 
< PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) >
 
< PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) >
 
<   >
 
<   >
 
< ========== Modules (No Company Name) ========== >
Invalid Switch: color]
 
<   >
 
< MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () >
 
< MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () >
 
<   >
 
<   >
 
< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]
 
<   >
 
< SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found >
 
< SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe File not found >
 
< SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) >
 
< SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) >
 
< SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) >
 
< SRV - (KMService) -- C:\Windows\System32\srvany.exe () >
 
< SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) >
 
< SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) >
 
< SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) >
 
< SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) >
 
< SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) >
 
< SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) >
 
< SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) >
 
< SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) >
 
<   >
 
<   >
 
< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]
 
<   >
 
< DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found >
 
< DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found >
 
< DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found >
 
< DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found >
 
< DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found >
 
< DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found >
 
< DRV - (pwdiyfob) -- C:\Users\Florian\AppData\Local\Temp\pwdiyfob.sys File not found >
 
< DRV - (mbr) -- C:\Users\Florian\AppData\Local\Temp\mbr.sys File not found >
 
< DRV - (massfilter) -- system32\drivers\massfilter.sys File not found >
 
< DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) >
 
< DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) >
 
< DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) >
 
< DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) >
 
< DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) >
 
< DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) >
 
< DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) >
 
< DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) >
 
< DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) >
 
< DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) >
 
< DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) >
 
< DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) >
 
< DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) >
 
< DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) >
 
< DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) >
 
< DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) >
 
< DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) >
 
< DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) >
 
< DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) >
 
< DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) >
 
< DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) >
 
< DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) >
 
< DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) >
 
< DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) >
 
< DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) >
 
< DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) >
 
< DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) >
 
< DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) >
 
< DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) >
 
< DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () >
 
<   >
 
<   >
 
< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]
 
<   >
 
<   >
 
< ========== Internet Explorer ========== >
Invalid Switch: color]
 
<   >
 
< IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >
 
< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC >
 
<   >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ >
Invalid Switch: 
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp >
Invalid Switch: ?ocid=iehp
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 74 B0 E4 24 CA CB 01  [binary data] >
 
< IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >
 
< IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC >
 
< IE - HKCU\..\SearchScopes\{4281416F-6676-460C-80DC-7C23AB943F7D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local >
 
<   >
 
< ========== FireFox ========== >
Invalid Switch: color]
 
<   >
 
< FF - prefs.js..browser.search.defaultenginename: "Yahoo" >
 
< FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" >
 
< FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" >
 
< FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 >
 
< FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 >
 
< FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" >
 
< FF - user.js - File not found >
 
<   >
 
< FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () >
Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
 
< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found >
Invalid Switch: iTunes,version=:  File not found
 
< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () >
Invalid Switch: iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
 
< FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) >
Invalid Switch: pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
 
< FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) >
Invalid Switch: JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found >
Invalid Switch: GENUINE: disabled File not found
 
< FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) >
Invalid Switch: NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) >
Invalid Switch: nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) >
Invalid Switch: nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found >
Invalid Switch: nsJSRealPlayerPlugin;version=:  File not found
 
<   >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 15:01:19 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.16 22:48:28 | 000,000,000 | ---D | M] >
 
< FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M] >
 
<   >
 
< [2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions >
 
< [2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} >
 
< [2012.04.16 22:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\x9tel1l1.default\extensions >
 
< [2011.11.12 13:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions >
 
< [2012.03.21 15:01:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll >
 
< [2011.02.11 22:12:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll >
 
< [2012.02.15 12:25:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml >
 
< [2012.02.15 12:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml >
 
< [2012.02.15 12:25:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml >
 
< [2012.02.15 12:25:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml >
 
< [2012.02.15 12:25:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml >
 
< [2012.02.15 12:25:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml >
 
<   >
 
< O1 HOSTS File: ([2011.02.12 00:27:48 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts >
 
< O1 - Hosts: 14798 more lines... >
 
< O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) >
 
< O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) >
 
< O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found >
 
< O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) >
 
< O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) >
 
< O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) >
 
< O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) >
 
< O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 >
 
< O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) >
 
< O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) >
 
< O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) >
 
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) >
 
< O13 - gopher Prefix: missing >
 
< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) >
Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
 
< O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) >
Invalid Switch: jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
 
< O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) >
Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
 
< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) >
Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 >
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2310DDD-CDD1-485B-942C-B997E90D8780}: DhcpNameServer = 192.168.178.1 >
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}: DhcpNameServer = 192.168.178.1 >
 
< O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) >
Invalid Switch: xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
 
< O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found >
Invalid Switch: pagefile) -  File not found
 
< O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >
 
< O32 - HKLM CDRom: AutoRun - 1 >
 
< O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] >
 
< O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\bin\cdviewer.exe >
 
< O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\launch\command - "" = H:\bin\cdviewer.exe >
 
< O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt >
 
< O34 - HKLM BootExecute: (autocheck autochk *) >
 
< O35 - HKLM\..comfile [open] -- "%1" %* >
 
< O35 - HKLM\..exefile [open] -- "%1" %* >
 
< O37 - HKLM\...com [@ = comfile] -- "%1" %* >
 
< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >
 
<   >
 
< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]
 
<   >
 
< [2012.04.17 17:47:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe >
 
< [2012.04.17 15:59:50 | 000,000,000 | R--D | C] -- C:\Users\Florian\Favorites >
 
< [2012.04.17 15:59:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Florian\Desktop\dds.com >
 
< [2012.04.17 15:52:02 | 000,000,000 | R--D | C] -- C:\Users\Florian\Searches >
 
< [2012.04.17 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\bmw >
 
< [2012.04.17 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\.thumbnails >
 
< [2012.04.17 10:45:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\.gimp-2.6 >
 
< [2012.04.17 10:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus >
 
< [2012.04.17 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Avira >
 
< [2012.04.16 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software >
 
< [2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan >
 
< [2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee >
 
< [2012.04.16 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan >
 
< [2012.04.16 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira >
 
< [2012.04.16 22:26:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys >
 
< [2012.04.16 22:26:32 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys >
 
< [2012.04.16 22:26:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys >
 
< [2012.04.16 22:26:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys >
 
< [2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira >
 
< [2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira >
 
< [2012.04.16 22:21:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi >
 
< [2012.04.16 06:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software >
 
< [2012.04.15 21:35:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files >
 
< [2012.04.02 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes >
 
< [2012.04.02 09:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod >
 
< [2012.04.02 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes >
 
< [2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\julitec >
 
< [2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\julitec >
 
< [2012.03.27 11:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\julitecCRM >
 
< [2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\julitec >
 
< [2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\julitec >
 
< [2012.03.27 11:07:30 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll >
 
< [2012.03.25 11:37:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Samsung >
 
< [2012.03.25 11:34:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers >
 
< [2012.03.25 11:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG >
 
< [2012.03.25 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\HP >
 
< [2012.03.25 11:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant >
 
< [2012.03.25 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP >
 
< [2012.03.25 11:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard >
 
< [2012.03.20 22:42:12 | 000,000,000 | R--D | C] -- C:\Users\Florian\Dropbox >
 
< [2012.03.20 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox >
 
< [2012.03.20 22:39:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Dropbox >
 
<   >
 
< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]
 
<   >
 
< [2012.04.18 07:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job >
 
< [2012.04.18 07:55:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat >
 
< [2012.04.17 17:47:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe >
 
< [2012.04.17 16:01:16 | 000,302,592 | ---- | M] () -- C:\Users\Florian\Desktop\cww3hq49.exe >
 
< [2012.04.17 15:59:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Florian\Desktop\dds.com >
 
< [2012.04.17 15:58:22 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable >
 
< [2012.04.17 15:57:51 | 000,050,477 | ---- | M] () -- C:\Users\Florian\Desktop\Defogger.exe >
 
< [2012.04.17 15:10:20 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat >
 
< [2012.04.17 15:10:20 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat >
 
< [2012.04.17 15:10:20 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat >
 
< [2012.04.17 15:10:20 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat >
 
< [2012.04.17 15:08:35 | 000,132,706 | ---- | M] () -- C:\Users\Florian\Desktop\plzde.jpg >
 
< [2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 >
 
< [2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 >
 
< [2012.04.17 10:35:12 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk >
 
< [2012.04.17 10:12:23 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys >
 
< [2012.04.05 10:00:28 | 000,012,800 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
 
< [2012.04.02 09:44:55 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk >
 
< [2012.03.30 15:55:10 | 000,315,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT >
 
< [2012.03.25 11:37:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt >
 
< [2012.03.25 11:11:52 | 000,180,901 | ---- | M] () -- C:\Windows\hpoins32.dat >
 
< [2012.03.25 11:07:48 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk >
 
< [2012.03.20 22:42:12 | 000,001,043 | ---- | M] () -- C:\Users\Florian\Desktop\Dropbox.lnk >
 
< [2012.03.20 22:40:37 | 000,001,023 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk >
 
<   >
 
< ========== Files Created - No Company Name ========== >
Invalid Switch: color]
 
<   >
 
< [2012.04.17 16:01:09 | 000,302,592 | ---- | C] () -- C:\Users\Florian\Desktop\cww3hq49.exe >
 
< [2012.04.17 15:58:22 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable >
 
< [2012.04.17 15:57:49 | 000,050,477 | ---- | C] () -- C:\Users\Florian\Desktop\Defogger.exe >
 
< [2012.04.17 15:08:35 | 000,132,706 | ---- | C] () -- C:\Users\Florian\Desktop\plzde.jpg >
 
< [2012.04.16 23:02:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job >
 
< [2012.04.16 22:41:30 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk >
 
< [2012.04.08 11:28:00 | 001,983,729 | ---- | C] () -- C:\Users\Florian\TAN.pdf >
 
< [2012.04.02 09:44:55 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk >
 
< [2012.03.27 11:07:30 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll >
 
< [2012.03.25 11:37:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt >
 
< [2012.03.25 11:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys >
 
< [2012.03.25 11:07:48 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk >
 
< [2012.03.25 11:02:30 | 000,180,901 | ---- | C] () -- C:\Windows\hpoins32.dat >
 
< [2012.03.25 11:02:30 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat >
 
< [2012.03.20 22:42:12 | 000,001,043 | ---- | C] () -- C:\Users\Florian\Desktop\Dropbox.lnk >
 
< [2012.03.20 22:40:37 | 000,001,023 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk >
 
< [2012.03.15 22:26:09 | 000,004,096 | -H-- | C] () -- C:\Users\Florian\AppData\Local\keyfile3.drm >
 
< [2012.01.30 20:10:07 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe >
 
< [2012.01.30 20:10:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe >
 
< [2011.05.10 22:11:19 | 000,007,605 | ---- | C] () -- C:\Users\Florian\AppData\Local\Resmon.ResmonCfg >
 
< [2011.04.28 22:54:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe >
 
< [2011.04.28 22:52:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe >
 
< [2011.02.16 22:31:03 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini >
 
< [2011.02.16 22:30:47 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI >
 
< [2011.02.16 22:30:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI >
 
< [2011.02.16 22:30:11 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe >
 
< [2011.02.16 22:22:26 | 000,009,701 | ---- | C] () -- C:\Windows\HCWPNP.INI >
 
< [2011.02.16 01:52:15 | 000,012,800 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
 
< [2011.02.15 22:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat >
 
< [2011.02.11 23:41:34 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin >
 
< [2011.02.11 22:14:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll >
 
<   >
 
< ========== LOP Check ========== >
Invalid Switch: color]
 
<   >
 
< [2011.02.11 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canneverbe Limited >
 
< [2012.04.17 10:19:03 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Dropbox >
 
< [2011.02.16 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GetRightToGo >
 
< [2012.02.28 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0 >
 
< [2012.03.27 11:36:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\julitec >
 
< [2011.07.31 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Nvu >
 
< [2011.02.11 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org >
 
< [2012.03.25 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Samsung >
 
< [2011.07.27 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer >
 
< [2011.02.12 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird >
 
< [2012.02.08 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software >
 
< [2011.07.01 18:03:06 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT >
 
<   >
 
< ========== Purity Check ========== >
Invalid Switch: color]
 
<   >
 
<   >
 
<  >
 
< < End of report >
         

--- --- ---
>


< End of report >


and now there are "extras" as well: OTL logfile:
Code:
OTL Extras logfile created on: 18.04.2012 13:01:26 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Florian\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 59,42% Memory free
3,87 Gb Paging File | 2,63 Gb Available in Paging File | 67,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 58,90 Gb Free Space | 60,37% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 30,69 Gb Free Space | 22,70% Space Free | Partition Type: NTFS
 
Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{095FC6D2-DF7E-40C1-B4AF-FFB3EC472BEB}" = C5300
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{567C4A87-9029-4001-ACF1-CFC0717EC1A0}" = PS_AIO_04_C5300_Software_Min
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}" = HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Foxit Reader_is1" = Foxit Reader 5.1
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IrfanView" = IrfanView (remove only)
"julitecCRM_is1" = julitecCRM 6.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"RealAlt_is1" = Real Alternative 2.0.2
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.12
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.10.2011 19:04:13 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2491663
 
Error - 18.10.2011 19:04:13 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2491663
 
Error - 18.10.2011 19:04:14 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.10.2011 19:04:14 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2492662
 
Error - 18.10.2011 19:04:14 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2492662
 
Error - 18.10.2011 19:04:15 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.10.2011 19:04:15 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2493660
 
Error - 18.10.2011 19:04:15 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2493660
 
Error - 18.10.2011 19:04:16 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.10.2011 19:04:16 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2494659
 
[ Media Center Events ]
Error - 16.02.2011 17:05:06 | Computer Name = Florian-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) WinTV Nova-T
 Stick DVB-T Tuner (Dev1 Path0) 
 
Error - 16.02.2011 17:05:06 | Computer Name = Florian-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) WinTV Nova-T
 Stick DVB-T Tuner (Dev1 Path0) 
 
Error - 16.02.2011 17:19:29 | Computer Name = Florian-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80004005) WinTV Nova-T
 Stick DVB-T Tuner (Dev1 Path0) 
 
Error - 19.02.2011 18:04:57 | Computer Name = Florian-PC | Source = MCUpdate | ID = 0
Description = 23:04:57 - Fehler beim Herstellen der Internetverbindung.  23:04:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.02.2011 18:05:12 | Computer Name = Florian-PC | Source = MCUpdate | ID = 0
Description = 23:05:02 - Fehler beim Herstellen der Internetverbindung.  23:05:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 24.02.2012 03:21:24 | Computer Name = Florian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 25.02.2012 05:36:12 | Computer Name = Florian-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Dnscache erreicht.
 
Error - 25.02.2012 10:41:48 | Computer Name = Florian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 25.02.2012 10:41:52 | Computer Name = Florian-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 25.02.2012 10:41:52 | Computer Name = Florian-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 0  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 28.02.2012 07:56:22 | Computer Name = Florian-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 29.02.2012 12:03:37 | Computer Name = Florian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 29.02.2012 12:03:37 | Computer Name = Florian-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.02.2012 12:03:37 | Computer Name = Florian-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.02.2012 13:16:29 | Computer Name = Florian-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
 
< End of report >
         
--- --- ---


was that done correctly now? I'll take care of combofix next

Alt 18.04.2012, 13:06   #10
markusg
/// Malware-holic
 
please create the combofix log
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 18.04.2012, 14:57   #11
kingwilli
 
Combofix Logfile:
Code:
ComboFix 12-04-17.01 - Florian 18.04.2012  13:59:20.1.2 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.1983.765 [GMT 2:00]
ausgeführt von:: d:\eigene dateien\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-18 bis 2012-04-18  ))))))))))))))))))))))))))))))
.
.
2012-04-18 12:07 . 2012-04-18 13:43	--------	d-----w-	c:\users\Florian\AppData\Local\temp
2012-04-18 12:07 . 2012-04-18 12:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-18 08:02 . 2012-04-18 08:02	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{32692CD5-1094-4EE9-A511-CD95B338025B}\offreg.dll
2012-04-17 14:09 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{32692CD5-1094-4EE9-A511-CD95B338025B}\mpengine.dll
2012-04-17 08:46 . 2012-04-17 08:46	--------	d-----w-	c:\users\Florian\.thumbnails
2012-04-17 08:45 . 2012-04-17 08:46	--------	d-----w-	c:\users\Florian\.gimp-2.6
2012-04-17 08:23 . 2012-04-17 08:23	--------	d-----w-	c:\users\Florian\AppData\Roaming\Avira
2012-04-16 21:02 . 2012-04-16 21:02	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-16 21:02 . 2012-04-16 21:02	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-16 20:58 . 2012-04-16 20:58	--------	d-----w-	c:\program files\Foxit Software
2012-04-16 20:41 . 2012-04-16 20:41	--------	d-----w-	c:\programdata\McAfee
2012-04-16 20:41 . 2012-04-16 20:41	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-04-16 20:41 . 2012-04-17 08:35	--------	d-----w-	c:\program files\McAfee Security Scan
2012-04-16 20:26 . 2012-01-31 06:56	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-04-16 20:26 . 2012-01-31 06:56	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-16 20:26 . 2011-09-16 14:08	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-04-16 20:26 . 2012-04-16 20:26	--------	d-----w-	c:\programdata\Avira
2012-04-16 20:26 . 2012-04-16 20:26	--------	d-----w-	c:\program files\Avira
2012-04-16 04:51 . 2012-04-16 04:52	--------	d-----w-	c:\programdata\AVAST Software
2012-04-15 19:35 . 2012-04-15 19:35	--------	d--h--w-	c:\programdata\Common Files
2012-04-13 05:33 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-13 05:33 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-04-13 05:33 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-13 05:33 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-02 07:43 . 2012-04-02 07:43	--------	d-----w-	c:\program files\iPod
2012-04-02 07:43 . 2012-04-02 07:44	--------	d-----w-	c:\program files\iTunes
2012-03-27 09:36 . 2012-04-10 11:07	--------	d-----w-	c:\users\Florian\AppData\Local\julitec
2012-03-27 09:36 . 2012-03-27 09:36	--------	d-----w-	c:\users\Florian\AppData\Roaming\julitec
2012-03-27 09:35 . 2012-03-27 09:36	--------	d-----w-	c:\programdata\julitec
2012-03-27 09:35 . 2012-03-27 09:35	--------	d-----w-	c:\program files\julitec
2012-03-27 09:07 . 2011-05-13 11:16	493056	----a-w-	c:\windows\system32\dhRichClient3.dll
2012-03-27 09:07 . 2011-03-25 19:42	338432	----a-w-	c:\windows\system32\sqlite36_engine.dll
2012-03-25 09:37 . 2012-03-25 09:42	--------	d-----w-	c:\users\Florian\AppData\Roaming\Samsung
2012-03-25 09:34 . 2012-03-30 13:54	--------	d-----w-	c:\windows\system32\Samsung_USB_Drivers
2012-03-25 09:34 . 2006-07-24 14:05	5632	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2012-03-25 09:12 . 2012-03-25 09:12	--------	d-----w-	c:\programdata\WEBREG
2012-03-25 09:11 . 2012-03-25 09:11	--------	d-----w-	c:\users\Florian\AppData\Local\HP
2012-03-25 09:08 . 2012-03-25 09:08	--------	d-----w-	c:\programdata\HP Product Assistant
2012-03-25 09:06 . 2012-03-25 09:06	--------	d-----w-	c:\program files\Common Files\HP
2012-03-25 09:06 . 2012-03-25 09:06	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard
2012-03-25 09:03 . 2009-07-14 01:15	307200	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpzppw72.dll
2012-03-25 09:01 . 2009-07-08 10:51	452408	----a-w-	c:\windows\system32\hpzids01.dll
2012-03-25 09:01 . 2009-07-08 10:51	737280	----a-w-	c:\windows\system32\hposwia_p01b.dll
2012-03-25 09:01 . 2009-07-08 10:51	372736	----a-w-	c:\windows\system32\hppldcoi.dll
2012-03-25 09:01 . 2009-07-08 10:51	974848	----a-w-	c:\windows\system32\hpost_p01b.dll
2012-03-25 09:01 . 2009-07-08 10:51	307200	----a-w-	c:\windows\system32\hposc_p01a.dll
2012-03-21 13:01 . 2012-03-21 13:01	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-21 13:01 . 2012-03-21 13:01	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-20 20:42 . 2012-04-17 08:19	--------	d-----r-	c:\users\Florian\Dropbox
2012-03-20 20:39 . 2012-04-18 11:00	--------	d-----w-	c:\users\Florian\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-09-14 19:07	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 10:15	919040	----a-w-	c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-14 10:15	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 10:15	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 10:15	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-15 10:01 . 2012-02-15 10:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38 . 2012-03-14 10:15	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 10:15	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-01-30 18:09 . 2012-01-30 18:10	8192	----a-w-	c:\windows\system32\srvany.exe
2012-01-30 18:09 . 2012-01-30 18:10	151552	----a-w-	c:\windows\KMService.exe
2012-01-25 05:32 . 2012-03-14 10:15	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 10:15	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 10:15	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-21 13:01 . 2011-05-09 19:10	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
backup=c:\windows\pss\WinTV Recording Status..lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01	319488	----a-w-	c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-19 17:27	468264	----a-w-	c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 253088]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2009-07-06 573440]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2009-07-06 15616]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-17 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2012-01-30 8192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 21:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\x9tel1l1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3728)
c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\KMService.exe
c:\windows\system32\conhost.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-18  15:46:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-18 13:46
.
Vor Suchlauf: 6 Verzeichnis(se), 66.002.010.112 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 66.257.920.000 Bytes frei
.
- - End Of File - - 54245BBF5D8108B3CB6CA71B147DFB23
         
--- --- ---

Alt 18.04.2012, 15:03   #12
markusg
/// Malware-holic
 
open Computer, C:, Qoobox
right-click Quarantine, pack it with an archiving program of your choice and upload it to the upload channel; let me know when done
Trojaner-Board Upload Channel

Alt 18.04.2012, 15:11   #13
kingwilli
 
hmm, doesn't work : (
"0 WARNING Zugriff verweigert"
???

Alt 18.04.2012, 15:12   #14
markusg
/// Malware-holic
 
for which file? there is surely more written there, please post the full text

Alt 18.04.2012, 15:12   #15
kingwilli
 
right!

1 C:\QooBox\BackEnv\
