bka trojaner 1.14 hat mein winxp befallen

klaus196 · 20.09.2012, 08:04

hier das otl....
computer läuft normal, es sind einige dokumente vom desktop gelöscht...
verschlüsselte daten sind noch vorhanden...

Code:

ATTFilter

OTL logfile created on: 20.09.2012 08:48:09 - Run 3
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\klaus.jama\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 72,98% Memory free
5,33 Gb Paging File | 4,34 Gb Available in Paging File | 81,38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 20,26 Gb Free Space | 27,19% Space Free | Partition Type: NTFS
Drive E: | 698,46 Gb Total Space | 296,42 Gb Free Space | 42,44% Space Free | Partition Type: FAT32
 
Computer Name: NBKLAUSJAMA-1 | User Name: klaus.jama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.18 14:51:33 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\OTL.exe
PRC - [2012.09.16 07:27:34 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012.04.12 05:56:08 | 000,175,624 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
PRC - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2012.03.20 10:51:57 | 000,021,416 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.02.29 18:29:02 | 000,459,784 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe
PRC - [2012.02.29 18:28:58 | 001,501,192 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.02.28 04:40:50 | 001,800,696 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\AVKClient\AVKCl.exe
PRC - [2012.02.28 04:02:06 | 001,554,696 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\AVKClient\AVKWCtl.exe
PRC - [2012.01.18 15:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.01.04 14:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.01.04 14:32:14 | 000,147,496 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe
PRC - [2011.10.18 22:02:24 | 000,456,736 | ---- | M] (Soluto) -- C:\Programme\Soluto\SolutoService.exe
PRC - [2011.08.24 10:00:42 | 000,409,600 | ---- | M] (Kaseya International Limited) -- C:\Programme\Kaseya\0PTRCS41496284544875\KaUsrTsk.exe
PRC - [2011.08.24 10:00:04 | 000,851,968 | ---- | M] (Kaseya International Limited) -- C:\Programme\Kaseya\0PTRCS41496284544875\AgentMon.exe
PRC - [2011.06.22 03:41:20 | 000,029,552 | ---- | M] (Gladinet, INC) -- C:\Programme\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
PRC - [2011.06.22 03:14:36 | 000,145,264 | ---- | M] () -- C:\Programme\Nuance\Nuance Cloud Connector\WOSVSSSvrXP32.exe
PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe
PRC - [2010.12.21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.06.30 10:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) -- C:\Programme\LANCOM\Advanced VPN Client\ncprwsnt.exe
PRC - [2010.05.21 11:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM\Advanced VPN Client\ncpclcfg.exe
PRC - [2010.05.21 11:39:22 | 001,026,560 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
PRC - [2010.05.07 12:08:38 | 000,093,184 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE
PRC - [2010.04.30 13:24:26 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\WINDOWS\starter4g.exe
PRC - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\WINDOWS\service4g.exe
PRC - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.09.06 14:38:06 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.08.20 17:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.08.20 17:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008.08.20 17:27:36 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008.08.20 17:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008.08.20 17:09:12 | 001,191,936 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008.08.20 17:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
PRC - [2007.07.02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2007.06.06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2007.05.22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.05.10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007.05.10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006.09.08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.20 08:42:38 | 000,115,137 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Lokale Einstellungen\temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
MOD - [2012.09.18 23:35:36 | 001,811,456 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\G Data\AVKScanP\Avast5\defs\12091802\algo.dll
MOD - [2012.09.16 07:27:32 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2012.05.13 12:29:37 | 002,845,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\1b77418a303d83913aa96fe6ee4559d3\PCGPreCompiled.ni.dll
MOD - [2012.05.13 12:29:35 | 000,186,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\56885fe9df4ee8bcfaef60d441c52432\PCGPrestoSerializer.ni.dll
MOD - [2012.03.20 10:51:57 | 000,021,416 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.08.24 09:59:24 | 000,135,168 | ---- | M] () -- C:\Programme\Kaseya\0PTRCS41496284544875\LogParser.dll
MOD - [2011.08.24 09:59:18 | 000,131,072 | ---- | M] () -- C:\Programme\Kaseya\0PTRCS41496284544875\KEventLog.dll
MOD - [2011.08.24 09:58:24 | 000,131,072 | ---- | M] () -- C:\Programme\Kaseya\0PTRCS41496284544875\KAgentExt.dll
MOD - [2011.08.23 16:32:42 | 000,446,464 | ---- | M] () -- C:\Programme\Kaseya\0PTRCS41496284544875\libkacm.dll
MOD - [2011.06.22 03:14:36 | 000,145,264 | ---- | M] () -- C:\Programme\Nuance\Nuance Cloud Connector\WOSVSSSvrXP32.exe
MOD - [2011.06.22 03:02:16 | 000,015,216 | ---- | M] () -- C:\Programme\Nuance\Nuance Cloud Connector\WOSMui.dll
MOD - [2011.06.22 03:02:12 | 000,079,728 | ---- | M] () -- C:\Programme\Nuance\Nuance Cloud Connector\zlib125.dll
MOD - [2011.06.22 03:02:00 | 000,292,720 | ---- | M] () -- C:\Programme\Nuance\Nuance Cloud Connector\sqlite3.dll
MOD - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe
MOD - [2011.03.02 17:17:18 | 000,603,136 | ---- | M] () -- C:\Programme\GNU\GnuPG\libgcrypt-11.dll
MOD - [2011.03.02 17:16:20 | 000,208,384 | ---- | M] () -- C:\Programme\GNU\GnuPG\libksba-8.dll
MOD - [2011.03.02 17:16:08 | 000,073,216 | ---- | M] () -- C:\Programme\GNU\GnuPG\libassuan-0.dll
MOD - [2011.03.02 17:13:52 | 000,048,640 | ---- | M] () -- C:\Programme\GNU\GnuPG\libgpg-error-0.dll
MOD - [2011.03.02 17:11:52 | 000,038,400 | ---- | M] () -- C:\Programme\GNU\GnuPG\libw32pth-0.dll
MOD - [2010.06.24 11:03:30 | 001,578,496 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\ncpgacc.dll
MOD - [2010.06.09 12:45:54 | 000,097,792 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPMIF32.DLL
MOD - [2010.05.07 12:08:38 | 000,093,184 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE
MOD - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
MOD - [2009.10.21 13:29:20 | 000,139,264 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPDLG.DLL
MOD - [2009.09.23 15:35:06 | 000,129,536 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NcpBudget2008.dll
MOD - [2009.09.06 14:38:06 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2008.08.20 17:10:50 | 000,200,704 | ---- | M] () -- C:\Programme\Intel\WiFi\bin\iWMSProv.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
MOD - [2004.07.20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002.06.28 11:16:42 | 000,151,552 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPCFG.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.16 07:27:33 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.05 08:50:31 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012.04.12 05:56:08 | 000,175,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Professional 7\NitroPDFDriverService2.exe -- (NitroDriverReadSpool2)
SRV - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.02.29 18:29:02 | 000,459,784 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.02.29 18:28:58 | 001,501,192 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.02.28 04:40:50 | 001,800,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\AVKClient\AVKCl.exe -- (AntiVirusKit Client)
SRV - [2012.02.28 04:02:06 | 001,554,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\AVKClient\AVKWCtl.exe -- (AVKWCtl)
SRV - [2012.02.28 03:59:06 | 001,498,616 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\AVKClient\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.18 22:02:24 | 000,456,736 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2011.08.24 10:00:04 | 000,851,968 | ---- | M] (Kaseya International Limited) [Auto | Running] -- C:\Programme\Kaseya\0PTRCS41496284544875\AgentMon.exe -- (KA0PTRCS41496284544875)
SRV - [2011.06.22 03:41:20 | 000,029,552 | ---- | M] (Gladinet, INC) [Auto | Running] -- C:\Programme\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe -- (GladFileMonSvc)
SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Programme\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010.06.30 10:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\ncprwsnt.exe -- (ncprwsnt)
SRV - [2010.05.21 11:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\ncpclcfg.exe -- (ncpclcfg)
SRV - [2010.05.07 12:08:38 | 000,093,184 | ---- | M] () [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE -- (NcpSec)
SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\WINDOWS\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.06 14:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.08.20 17:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.08.20 17:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2008.08.20 17:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008.08.20 17:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007.05.10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.18 14:29:25 | 000,052,216 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2012.06.18 14:29:21 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012.06.18 14:29:21 | 000,040,568 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2012.06.18 14:29:21 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012.06.18 14:29:11 | 000,069,272 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2012.05.11 07:53:22 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.11.02 18:10:32 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.10.18 21:50:18 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2011.06.23 11:09:02 | 000,017,920 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KAPFA.sys -- (KAPFA)
DRV - [2010.08.04 06:33:28 | 000,061,696 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2010.07.02 13:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (ncpvaxp)
DRV - [2010.07.02 13:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFiltMP)
DRV - [2010.07.02 13:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFilt)
DRV - [2009.09.28 22:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.08.29 00:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.04 12:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.12.23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007.08.02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.08.02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.08.02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.06.25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.05.10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007.04.23 17:39:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.04.10 21:29:42 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.02.16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.01.16 11:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2006.11.22 17:09:22 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.10.10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.10.05 17:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2005.08.01 17:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.01.06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 91 C0 0B E1 05 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B56635D2-7485-49B6-85F3-9EAB0E0DAF4F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Programme\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_8.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_8.0 [2012.02.14 10:14:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.16 07:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.09.03 15:23:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_11.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_11.0
 
[2011.11.02 17:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\Mozilla\Extensions
[2012.09.13 07:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\Mozilla\Firefox\Profiles\rfc3p0vw.default\extensions
[2012.04.30 13:52:40 | 000,003,941 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\Mozilla\Firefox\Profiles\rfc3p0vw.default\searchplugins\gXverNTuDgXvssrJsNTu
[2012.07.16 09:12:42 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\Mozilla\Firefox\Profiles\rfc3p0vw.default\searchplugins\oGjfLssqUoGjVn
[2012.07.31 12:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.16 07:27:35 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 07:27:28 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.19 09:23:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVK Client] C:\Programme\G Data\AVKClient\AVKCl.exe (G Data Software AG)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [KASH0PTRCS41496284544875] C:\Programme\Kaseya\0PTRCS41496284544875\KaUsrTsk.exe (Kaseya International Limited)
O4 - HKLM..\Run: [NcpBudgetGui] C:\Programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Programme\LANCOM\Advanced VPN Client\ncppopup.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [starter4g] C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [1und1Dispatcher] C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKCU..\Run: [KiesHelper] C:\Programme\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\klaus.jama\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256658069250 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ild-group.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4693966C-F27A-4969-BADC-BA0232CFA337}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOKUME~1/KLAUS~1.JAM/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.gif
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.26 18:47:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.20 07:49:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.19 10:19:14 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.19 10:18:37 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\esetsmartinstaller_enu.exe
[2012.09.19 09:25:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.09.19 08:12:18 | 004,752,754 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\ComboFix.exe
[2012.09.19 07:35:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.09.19 07:27:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.09.19 07:27:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.09.19 07:27:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.09.19 07:27:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.09.19 07:27:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.19 07:27:05 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Startmenü\Programme\Verwaltung
[2012.09.19 07:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.09.18 16:19:09 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\aswMBR.exe
[2012.09.18 14:51:30 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\OTL.exe
[2012.09.14 15:52:23 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\Dropbox
[2012.09.14 15:51:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Eigene Dateien\Neuer Ordner
[2012.09.14 14:45:40 | 000,448,816 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\rannohdecryptor.exe
[2012.09.13 07:22:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\Malwarebytes
[2012.09.13 07:22:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.13 07:21:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.13 07:21:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.13 07:21:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.12 13:11:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.09.04 10:29:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\UseNeXT
[2012.09.03 15:22:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012.09.03 15:22:23 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012.09.03 10:30:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2012.08.29 14:39:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\eggebrecht anton safkow
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 08:56:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.20 08:55:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FC1045D-8DAD-4D1A-A132-D01B23212E6A}.job
[2012.09.20 08:54:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A375F577-6969-4115-956F-4E4771D9E2A5}.job
[2012.09.20 08:53:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CE0BAAD5-A1CD-49A5-8CAA-0C04D1C52B7F}.job
[2012.09.20 08:53:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0CDD7E22-5E6A-45B2-B31C-8D7446D529A1}.job
[2012.09.20 08:41:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.20 08:38:39 | 000,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr
[2012.09.20 08:37:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.20 08:37:54 | 3747,573,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.20 08:34:44 | 000,556,554 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.20 08:34:44 | 000,505,790 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.20 08:34:44 | 000,117,546 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.20 08:34:44 | 000,089,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.19 12:10:12 | 000,799,585 | ---- | M] () -- C:\WINDOWS\System32\sig.bin
[2012.09.19 12:10:12 | 000,044,197 | ---- | M] () -- C:\WINDOWS\System32\nmp.map
[2012.09.19 10:18:45 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\esetsmartinstaller_enu.exe
[2012.09.19 09:23:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.09.19 08:12:09 | 004,752,754 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\ComboFix.exe
[2012.09.19 07:35:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.09.18 16:31:55 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\MBR.dat
[2012.09.18 14:59:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\aswMBR.exe
[2012.09.18 14:51:33 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\OTL.exe
[2012.09.18 14:49:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.09.18 09:08:55 | 000,001,479 | ---- | M] () -- C:\WINDOWS\System32\.lck
[2012.09.18 09:08:54 | 000,019,320 | ---- | M] () -- C:\WINDOWS\System32\.rsp
[2012.09.14 15:52:23 | 000,001,031 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\Dropbox.lnk
[2012.09.13 07:22:00 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.12 11:16:26 | 000,448,816 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\rannohdecryptor.exe
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.05 09:15:47 | 000,027,648 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.05 08:50:30 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.09.05 08:50:29 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.09.04 12:00:30 | 000,001,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nitro Pro 7.lnk
[2012.09.03 15:22:49 | 000,001,590 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.09.03 10:30:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.09.03 08:25:12 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2012.09.03 08:24:18 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
[2012.08.24 18:24:25 | 000,816,518 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\qxLdjttEVqxndjjtoVq
 
========== Files Created - No Company Name ==========
 
[2012.09.19 07:35:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.09.19 07:35:12 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.09.19 07:27:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.19 07:27:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.19 07:27:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.19 07:27:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.19 07:27:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.09.18 16:22:35 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\MBR.dat
[2012.09.14 15:52:23 | 000,001,031 | ---- | C] () -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\Dropbox.lnk
[2012.09.13 07:41:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\S.dirmngr
[2012.09.13 07:22:00 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.04 12:00:30 | 000,001,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nitro Pro 7.lnk
[2012.09.04 12:00:28 | 000,001,888 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nitro Pro 7.lnk
[2012.09.04 11:13:29 | 3747,573,760 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.03 15:22:49 | 000,001,590 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.05.13 14:48:27 | 001,005,848 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.04.03 10:36:28 | 000,009,263 | ---- | C] () -- C:\WINDOWS\System32\UpdateAction_30032012.exe.dmp
[2012.03.19 17:14:38 | 000,000,646 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.02.27 11:45:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.15 09:19:54 | 000,559,362 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2172849378-3237517302-3047019274-1120-0.dat
[2012.02.15 07:51:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.14 11:24:10 | 000,270,318 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012.01.02 11:45:50 | 000,000,383 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2011.12.13 07:13:27 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2011.11.30 06:29:41 | 000,007,494 | ---- | C] () -- C:\WINDOWS\System32\Upd20111125.exe.dmp
[2011.11.26 22:17:24 | 000,001,205 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2011.11.25 20:24:20 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\klaus.jama\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.11.25 20:12:08 | 000,000,163 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011.11.25 20:11:38 | 000,000,690 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011.11.25 19:56:23 | 000,127,878 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2011.11.25 19:54:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011.11.25 19:53:49 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2011.11.08 16:12:15 | 000,027,648 | ---- | C] () -- C:\Dokumente und Einstellungen\klaus.jama\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.08 13:11:33 | 000,799,585 | ---- | C] () -- C:\WINDOWS\System32\sig.bin
[2011.11.03 07:58:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011.11.03 07:09:31 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2011.11.03 07:09:31 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
[2011.11.03 07:09:31 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT
[2011.10.24 09:25:55 | 000,000,094 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc
 
========== ZeroAccess Check ==========
 

< End of report >

Hallo Schrauber,

gibt es die Möglichkeit jetzt die verschlüsselung aufzuheben???

gruß
klaus

schrauber · 20.09.2012, 08:35

Lass bitte noch einen OTL fix laufen hiermit:

Code:

ATTFilter

:OTL
[2012.08.24 18:24:25 | 000,816,518 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\qxLdjttEVqxndjjtoVq
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1
:Commands
[emptytemp]

und schau mal hier
http://www.trojaner-board.de/116851-...strojaner.html

klaus196 · 20.09.2012, 08:51

hab das gefühl, dass sich nichts tut...
er schreibt "killing processes. DO NOT INTERRUPT...

aber ich höre keine aktivität...

gruß klaus

schrauber · 20.09.2012, 09:00

Warte mal noch, wenn er es nicht tut nimm

:Commands
[emptytemp]

raus aus dem script und versuchs nochmal.

klaus196 · 20.09.2012, 09:28

so siehts jetzt aus:

Code:

ATTFilter

========== OTL ==========
C:\Dokumente und Einstellungen\klaus.jama\Desktop\qxLdjttEVqxndjjtoVq moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
 
OTL by OldTimer - Version 3.2.63.0 log created on 09202012_102411

schrauber · 20.09.2012, 09:32

GUt dann zur KOntrolle bitte ein frisches OTL log. Haste den Link von mir angeklickt und mal gelesen?

klaus196 · 20.09.2012, 09:45

hab ich gelesen. mit den verschlüsselungsprogrammen hab ich schon probiert. leider ohne erfolg, weil meine dateien keine endungen haben und in der größe minimal anders sind als die original dateien.
es werde gleich nochmal die sache mit schattenkopie versuchen...

hier erstmal das otl:

Code:

ATTFilter

OTL logfile created on: 20.09.2012 10:31:46 - Run 4
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\klaus.jama\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 76,48% Memory free
5,33 Gb Paging File | 4,35 Gb Available in Paging File | 81,67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 20,23 Gb Free Space | 27,15% Space Free | Partition Type: NTFS
 
Computer Name: NBKLAUSJAMA-1 | User Name: klaus.jama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.18 14:51:33 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\OTL.exe
PRC - [2012.09.16 07:27:34 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012.04.12 05:56:08 | 000,175,624 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
PRC - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2012.03.20 10:51:57 | 000,021,416 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.02.29 18:29:02 | 000,459,784 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe
PRC - [2012.02.29 18:28:58 | 001,501,192 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.02.28 04:40:50 | 001,800,696 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\AVKClient\AVKCl.exe
PRC - [2012.02.28 04:02:06 | 001,554,696 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\AVKClient\AVKWCtl.exe
PRC - [2012.01.18 15:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.01.04 14:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.01.04 14:32:14 | 000,147,496 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe
PRC - [2011.10.18 22:02:24 | 000,456,736 | ---- | M] (Soluto) -- C:\Programme\Soluto\SolutoService.exe
PRC - [2011.08.24 10:00:42 | 000,409,600 | ---- | M] (Kaseya International Limited) -- C:\Programme\Kaseya\0PTRCS41496284544875\KaUsrTsk.exe
PRC - [2011.08.24 10:00:04 | 000,851,968 | ---- | M] (Kaseya International Limited) -- C:\Programme\Kaseya\0PTRCS41496284544875\AgentMon.exe
PRC - [2011.06.22 03:41:20 | 000,029,552 | ---- | M] (Gladinet, INC) -- C:\Programme\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
PRC - [2011.06.22 03:14:36 | 000,145,264 | ---- | M] () -- C:\Programme\Nuance\Nuance Cloud Connector\WOSVSSSvrXP32.exe
PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe
PRC - [2010.12.21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.06.30 10:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) -- C:\Programme\LANCOM\Advanced VPN Client\ncprwsnt.exe
PRC - [2010.05.21 11:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM\Advanced VPN Client\ncpclcfg.exe
PRC - [2010.05.21 11:39:22 | 001,026,560 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
PRC - [2010.05.07 12:08:38 | 000,093,184 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE
PRC - [2010.04.30 13:24:26 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\WINDOWS\starter4g.exe
PRC - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\WINDOWS\service4g.exe
PRC - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.09.06 14:38:06 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.08.20 17:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.08.20 17:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008.08.20 17:27:36 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008.08.20 17:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008.08.20 17:09:12 | 001,191,936 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008.08.20 17:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
PRC - [2007.07.02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2007.06.06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2007.05.22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.05.10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007.05.10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006.09.08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.20 08:42:38 | 000,115,137 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Lokale Einstellungen\temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
MOD - [2012.09.18 23:35:36 | 001,811,456 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\G Data\AVKScanP\Avast5\defs\12091802\algo.dll
MOD - [2012.09.16 07:27:32 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2012.05.13 12:29:37 | 002,845,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\1b77418a303d83913aa96fe6ee4559d3\PCGPreCompiled.ni.dll
MOD - [2012.05.13 12:29:35 | 000,186,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\56885fe9df4ee8bcfaef60d441c52432\PCGPrestoSerializer.ni.dll
MOD - [2012.03.20 10:51:57 | 000,021,416 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.08.24 09:59:24 | 000,135,168 | ---- | M] () -- C:\Programme\Kaseya\0PTRCS41496284544875\LogParser.dll
MOD - [2011.08.24 09:59:18 | 000,131,072 | ---- | M] () -- C:\Programme\Kaseya\0PTRCS41496284544875\KEventLog.dll
MOD - [2011.08.24 09:58:24 | 000,131,072 | ---- | M] () -- C:\Programme\Kaseya\0PTRCS41496284544875\KAgentExt.dll
MOD - [2011.08.23 16:32:42 | 000,446,464 | ---- | M] () -- C:\Programme\Kaseya\0PTRCS41496284544875\libkacm.dll
MOD - [2011.06.22 03:14:36 | 000,145,264 | ---- | M] () -- C:\Programme\Nuance\Nuance Cloud Connector\WOSVSSSvrXP32.exe
MOD - [2011.06.22 03:02:16 | 000,015,216 | ---- | M] () -- C:\Programme\Nuance\Nuance Cloud Connector\WOSMui.dll
MOD - [2011.06.22 03:02:12 | 000,079,728 | ---- | M] () -- C:\Programme\Nuance\Nuance Cloud Connector\zlib125.dll
MOD - [2011.06.22 03:02:00 | 000,292,720 | ---- | M] () -- C:\Programme\Nuance\Nuance Cloud Connector\sqlite3.dll
MOD - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe
MOD - [2011.03.02 17:17:18 | 000,603,136 | ---- | M] () -- C:\Programme\GNU\GnuPG\libgcrypt-11.dll
MOD - [2011.03.02 17:16:20 | 000,208,384 | ---- | M] () -- C:\Programme\GNU\GnuPG\libksba-8.dll
MOD - [2011.03.02 17:16:08 | 000,073,216 | ---- | M] () -- C:\Programme\GNU\GnuPG\libassuan-0.dll
MOD - [2011.03.02 17:13:52 | 000,048,640 | ---- | M] () -- C:\Programme\GNU\GnuPG\libgpg-error-0.dll
MOD - [2011.03.02 17:11:52 | 000,038,400 | ---- | M] () -- C:\Programme\GNU\GnuPG\libw32pth-0.dll
MOD - [2010.06.24 11:03:30 | 001,578,496 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\ncpgacc.dll
MOD - [2010.06.09 12:45:54 | 000,097,792 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPMIF32.DLL
MOD - [2010.05.07 12:08:38 | 000,093,184 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE
MOD - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
MOD - [2009.10.21 13:29:20 | 000,139,264 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPDLG.DLL
MOD - [2009.09.23 15:35:06 | 000,129,536 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NcpBudget2008.dll
MOD - [2009.09.06 14:38:06 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2008.08.20 17:10:50 | 000,200,704 | ---- | M] () -- C:\Programme\Intel\WiFi\bin\iWMSProv.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
MOD - [2004.07.20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002.06.28 11:16:42 | 000,151,552 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPCFG.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.16 07:27:33 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.05 08:50:31 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012.04.12 05:56:08 | 000,175,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Professional 7\NitroPDFDriverService2.exe -- (NitroDriverReadSpool2)
SRV - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.02.29 18:29:02 | 000,459,784 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.02.29 18:28:58 | 001,501,192 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.02.28 04:40:50 | 001,800,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\AVKClient\AVKCl.exe -- (AntiVirusKit Client)
SRV - [2012.02.28 04:02:06 | 001,554,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\AVKClient\AVKWCtl.exe -- (AVKWCtl)
SRV - [2012.02.28 03:59:06 | 001,498,616 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\AVKClient\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.18 22:02:24 | 000,456,736 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2011.08.24 10:00:04 | 000,851,968 | ---- | M] (Kaseya International Limited) [Auto | Running] -- C:\Programme\Kaseya\0PTRCS41496284544875\AgentMon.exe -- (KA0PTRCS41496284544875)
SRV - [2011.06.22 03:41:20 | 000,029,552 | ---- | M] (Gladinet, INC) [Auto | Running] -- C:\Programme\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe -- (GladFileMonSvc)
SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Programme\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010.06.30 10:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\ncprwsnt.exe -- (ncprwsnt)
SRV - [2010.05.21 11:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\ncpclcfg.exe -- (ncpclcfg)
SRV - [2010.05.07 12:08:38 | 000,093,184 | ---- | M] () [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE -- (NcpSec)
SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\WINDOWS\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.06 14:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.08.20 17:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.08.20 17:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2008.08.20 17:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008.08.20 17:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007.05.10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.18 14:29:25 | 000,052,216 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2012.06.18 14:29:21 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012.06.18 14:29:21 | 000,040,568 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2012.06.18 14:29:21 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012.06.18 14:29:11 | 000,069,272 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2012.05.11 07:53:22 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.11.02 18:10:32 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.10.18 21:50:18 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2011.06.23 11:09:02 | 000,017,920 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KAPFA.sys -- (KAPFA)
DRV - [2010.08.04 06:33:28 | 000,061,696 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2010.07.02 13:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (ncpvaxp)
DRV - [2010.07.02 13:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFiltMP)
DRV - [2010.07.02 13:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFilt)
DRV - [2009.09.28 22:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.08.29 00:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.04 12:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.12.23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007.08.02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.08.02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.08.02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.06.25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.05.10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007.04.23 17:39:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.04.10 21:29:42 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.02.16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.01.16 11:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2006.11.22 17:09:22 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.10.10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.10.05 17:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2005.08.01 17:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.01.06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 91 C0 0B E1 05 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B56635D2-7485-49B6-85F3-9EAB0E0DAF4F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Programme\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_8.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_8.0 [2012.02.14 10:14:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.16 07:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.09.03 15:23:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_11.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_11.0
 
[2011.11.02 17:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\Mozilla\Extensions
[2012.09.13 07:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\Mozilla\Firefox\Profiles\rfc3p0vw.default\extensions
[2012.04.30 13:52:40 | 000,003,941 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\Mozilla\Firefox\Profiles\rfc3p0vw.default\searchplugins\gXverNTuDgXvssrJsNTu
[2012.07.16 09:12:42 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\Mozilla\Firefox\Profiles\rfc3p0vw.default\searchplugins\oGjfLssqUoGjVn
[2012.07.31 12:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.16 07:27:35 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 07:27:28 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.19 09:23:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVK Client] C:\Programme\G Data\AVKClient\AVKCl.exe (G Data Software AG)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [KASH0PTRCS41496284544875] C:\Programme\Kaseya\0PTRCS41496284544875\KaUsrTsk.exe (Kaseya International Limited)
O4 - HKLM..\Run: [NcpBudgetGui] C:\Programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Programme\LANCOM\Advanced VPN Client\ncppopup.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [starter4g] C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [1und1Dispatcher] C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKCU..\Run: [KiesHelper] C:\Programme\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\klaus.jama\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256658069250 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ild-group.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4693966C-F27A-4969-BADC-BA0232CFA337}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD2A1FEB-BAB1-4473-8956-50D8B0DED45D}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOKUME~1/KLAUS~1.JAM/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.gif
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.26 18:47:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.20 07:49:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.19 10:19:14 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.19 10:18:37 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\esetsmartinstaller_enu.exe
[2012.09.19 09:25:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.09.19 08:12:18 | 004,752,754 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\ComboFix.exe
[2012.09.19 07:35:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.09.19 07:27:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.09.19 07:27:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.09.19 07:27:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.09.19 07:27:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.09.19 07:27:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.19 07:27:05 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Startmenü\Programme\Verwaltung
[2012.09.19 07:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.09.18 16:19:09 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\aswMBR.exe
[2012.09.18 14:51:30 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\OTL.exe
[2012.09.14 15:52:23 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\Dropbox
[2012.09.14 15:51:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Eigene Dateien\Neuer Ordner
[2012.09.14 14:45:40 | 000,448,816 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\rannohdecryptor.exe
[2012.09.13 07:22:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\Malwarebytes
[2012.09.13 07:22:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.13 07:21:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.13 07:21:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.13 07:21:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.12 13:11:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.09.04 10:29:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Anwendungsdaten\UseNeXT
[2012.09.03 15:22:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012.09.03 15:22:23 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012.09.03 10:30:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2012.08.29 14:39:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\eggebrecht anton safkow
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 10:39:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A375F577-6969-4115-956F-4E4771D9E2A5}.job
[2012.09.20 10:38:02 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CE0BAAD5-A1CD-49A5-8CAA-0C04D1C52B7F}.job
[2012.09.20 10:38:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0CDD7E22-5E6A-45B2-B31C-8D7446D529A1}.job
[2012.09.20 10:35:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FC1045D-8DAD-4D1A-A132-D01B23212E6A}.job
[2012.09.20 10:17:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.20 10:14:25 | 000,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr
[2012.09.20 10:14:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.20 10:13:54 | 3747,573,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.20 08:56:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.20 08:34:44 | 000,556,554 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.20 08:34:44 | 000,505,790 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.20 08:34:44 | 000,117,546 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.20 08:34:44 | 000,089,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.19 12:10:12 | 000,799,585 | ---- | M] () -- C:\WINDOWS\System32\sig.bin
[2012.09.19 12:10:12 | 000,044,197 | ---- | M] () -- C:\WINDOWS\System32\nmp.map
[2012.09.19 10:18:45 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\esetsmartinstaller_enu.exe
[2012.09.19 09:23:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.09.19 08:12:09 | 004,752,754 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\ComboFix.exe
[2012.09.19 07:35:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.09.18 16:31:55 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\MBR.dat
[2012.09.18 14:59:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\aswMBR.exe
[2012.09.18 14:51:33 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\OTL.exe
[2012.09.18 14:49:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.09.18 09:08:55 | 000,001,479 | ---- | M] () -- C:\WINDOWS\System32\.lck
[2012.09.18 09:08:54 | 000,019,320 | ---- | M] () -- C:\WINDOWS\System32\.rsp
[2012.09.14 15:52:23 | 000,001,031 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\Dropbox.lnk
[2012.09.13 07:22:00 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.12 11:16:26 | 000,448,816 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\rannohdecryptor.exe
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.05 09:15:47 | 000,027,648 | ---- | M] () -- C:\Dokumente und Einstellungen\klaus.jama\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.05 08:50:30 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.09.05 08:50:29 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.09.04 12:00:30 | 000,001,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nitro Pro 7.lnk
[2012.09.03 15:22:49 | 000,001,590 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.09.03 10:30:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.09.03 08:25:12 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2012.09.03 08:24:18 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.19 07:35:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.09.19 07:35:12 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.09.19 07:27:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.19 07:27:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.19 07:27:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.19 07:27:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.19 07:27:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.09.18 16:22:35 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\MBR.dat
[2012.09.14 15:52:23 | 000,001,031 | ---- | C] () -- C:\Dokumente und Einstellungen\klaus.jama\Desktop\Dropbox.lnk
[2012.09.13 07:41:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\S.dirmngr
[2012.09.13 07:22:00 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.04 12:00:30 | 000,001,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nitro Pro 7.lnk
[2012.09.04 12:00:28 | 000,001,888 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nitro Pro 7.lnk
[2012.09.04 11:13:29 | 3747,573,760 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.03 15:22:49 | 000,001,590 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.05.13 14:48:27 | 001,005,848 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.04.03 10:36:28 | 000,009,263 | ---- | C] () -- C:\WINDOWS\System32\UpdateAction_30032012.exe.dmp
[2012.03.19 17:14:38 | 000,000,646 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.02.27 11:45:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.15 09:19:54 | 000,559,362 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2172849378-3237517302-3047019274-1120-0.dat
[2012.02.15 07:51:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.14 11:24:10 | 000,270,318 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012.01.02 11:45:50 | 000,000,383 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2011.12.13 07:13:27 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2011.11.30 06:29:41 | 000,007,494 | ---- | C] () -- C:\WINDOWS\System32\Upd20111125.exe.dmp
[2011.11.26 22:17:24 | 000,001,205 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2011.11.25 20:24:20 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\klaus.jama\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.11.25 20:12:08 | 000,000,163 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011.11.25 20:11:38 | 000,000,690 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011.11.25 19:56:23 | 000,127,878 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2011.11.25 19:54:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011.11.25 19:53:49 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2011.11.08 16:12:15 | 000,027,648 | ---- | C] () -- C:\Dokumente und Einstellungen\klaus.jama\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.08 13:11:33 | 000,799,585 | ---- | C] () -- C:\WINDOWS\System32\sig.bin
[2011.11.03 07:58:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011.11.03 07:09:31 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2011.11.03 07:09:31 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
[2011.11.03 07:09:31 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT
[2011.10.24 09:25:55 | 000,000,094 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc
 
========== ZeroAccess Check ==========
 

< End of report >

macht es sinn, den computer jetzt zu einem früheren zeitpunkt wiederherzustellen???

gruß klaus

schrauber · 20.09.2012, 10:01

Nee, Systemwiederherstellung bedeutet gleichzeitig Wiederherstellung der Malware.

Start > Ausführen

Combofix /Uninstall und Enter drücken. OTL öffnen und Cleanup Button drücken.

Wir wären soweit fertig, ich geb Dir noch was zu lesen mit auf den Weg. Melde Dich bitte wenn Du alles in dem Link (Schattenkopien usw) durch hast, wenns nicht geklappt hat mit Deinen Dateien frag ich mal rum ob es noch ne andere Option gibt.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

20.09.2012, 09:00	#34
schrauber /// the machine /// TB-Ausbilder	bka trojaner 1.14 hat mein winxp befallen Warte mal noch, wenn er es nicht tut nimm :Commands [emptytemp] raus aus dem script und versuchs nochmal. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

20.09.2012, 09:32	#36
schrauber /// the machine /// TB-Ausbilder	bka trojaner 1.14 hat mein winxp befallen GUt dann zur KOntrolle bitte ein frisches OTL log. Haste den Link von mir angeklickt und mal gelesen? __________________ --> bka trojaner 1.14 hat mein winxp befallen

bka trojaner 1.14 hat mein winxp befallen

Plagegeister aller Art und deren Bekämpfung: bka trojaner 1.14 hat mein winxp befallen