Firefox und IE funktionieren nach Kaspersky-Funden nicht mehr.

cosinus · 22.11.2012, 12:04

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

aupex · 22.11.2012, 15:36

Code:

ATTFilter

ComboFix 12-11-22.03 - Aupex 22.11.2012  14:59:16.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1746 [GMT 1:00]
ausgeführt von:: c:\users\Aupex\Desktop\trojanerboard\ComboFix.exe
AV: Kaspersky Security Suite CBE *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Security Suite CBE *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Security Suite CBE *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\users\Aupex\AppData\Local\Temp\_MEI57402\_ctypes.pyd
c:\users\Aupex\AppData\Local\temp\_MEI57402\_elementtree.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\_hashlib.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\_socket.pyd
c:\users\Aupex\AppData\Local\temp\_MEI57402\_ssl.pyd
c:\users\Aupex\AppData\Local\temp\_MEI57402\pyexpat.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\pysqlite2._sqlite.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\python26.dll
c:\users\Aupex\AppData\Local\Temp\_MEI57402\pythoncom26.dll
c:\users\Aupex\AppData\Local\Temp\_MEI57402\PyWinTypes26.dll
c:\users\Aupex\AppData\Local\Temp\_MEI57402\select.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\unicodedata.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\win32api.pyd
c:\users\Aupex\AppData\Local\temp\_MEI57402\win32com.shell.shell.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\win32crypt.pyd
c:\users\Aupex\AppData\Local\temp\_MEI57402\win32event.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\win32file.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\win32inet.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\win32pdh.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\win32process.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\win32profile.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\win32security.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\win32ts.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\windows._cacheinvalidation.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\wx._controls_.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\wx._core_.pyd
c:\users\Aupex\AppData\Local\temp\_MEI57402\wx._gdi_.pyd
c:\users\Aupex\AppData\Local\temp\_MEI57402\wx._html2.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\wx._misc_.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\wx._windows_.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\wx._wizard.pyd
c:\users\Aupex\AppData\Local\Temp\_MEI57402\wxbase293u_net_vc.dll
c:\users\Aupex\AppData\Local\Temp\_MEI57402\wxbase293u_vc.dll
c:\users\Aupex\AppData\Local\Temp\_MEI57402\wxmsw293u_adv_vc.dll
c:\users\Aupex\AppData\Local\Temp\_MEI57402\wxmsw293u_core_vc.dll
c:\users\Aupex\AppData\Local\Temp\_MEI57402\wxmsw293u_html_vc.dll
c:\users\Aupex\AppData\Local\temp\_MEI57402\wxmsw293u_webview_vc.dll
c:\users\Aupex\AppData\Local\Temp\08f56ff6-864d-4a92-944a-57b870198cb2\CliSecureRT.dll
c:\users\Aupex\AppData\Roaming\AcroIEHelpe.txt
c:\windows\system32\~.inf
c:\windows\system32\drivers\~GLH0014.TMP
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
C:\zip.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-22 bis 2012-11-22  ))))))))))))))))))))))))))))))
.
.
2012-11-22 14:11 . 2012-11-22 14:23	--------	d-----w-	c:\users\Aupex\AppData\Local\temp
2012-11-22 14:11 . 2012-11-22 14:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-11-22 14:11 . 2012-11-22 14:11	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-11-22 14:11 . 2012-11-22 14:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-22 14:11 . 2012-11-22 14:11	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-11-20 15:26 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FB319D0-8551-499E-86EF-6D819096699A}\mpengine.dll
2012-11-14 15:14 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-14 15:14 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-11-10 16:32 . 2012-11-10 16:32	--------	d-----w-	c:\program files\Common Files\Canon_Inc_IC
2012-11-10 16:31 . 2012-11-10 16:31	--------	d-----w-	c:\programdata\Canon_Inc_IC
2012-11-06 19:42 . 2012-11-06 19:42	--------	d-----w-	c:\program files\Alan Hadley
2012-11-02 17:26 . 2012-11-02 17:26	--------	d-----w-	c:\program files\Common Files\Borland Shared
2012-11-02 17:26 . 2012-11-02 17:26	--------	d-----w-	c:\program files\ERGO SOFT
2012-11-02 17:19 . 2012-11-02 17:19	--------	d-----w-	c:\users\Aupex\AppData\Local\ErgoFAKT
2012-11-02 17:17 . 2012-11-02 17:17	--------	d-----w-	c:\programdata\ErgoFAKT
2012-10-25 18:49 . 2012-10-25 18:49	--------	d-----w-	c:\users\Aupex\AppData\Roaming\inkscape
2012-10-25 09:45 . 2012-10-25 10:20	--------	d-sh--w-	c:\users\Aupex\AppData\Local\.#
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 14:19 . 2011-07-26 10:42	6504151	----a-w-	c:\windows\system32\~.tmp
2012-10-09 06:32 . 2012-04-02 06:28	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 06:32 . 2011-05-17 14:43	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2011-01-31 17:02	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28 . 2012-10-10 17:34	2048	----a-w-	c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 17:33	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 17:33	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 17:34	172544	----a-w-	c:\windows\system32\wintrust.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-10-08 08:28 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16455_none_d319def060227a5d\mshtml.dll
[7] 2012-10-08 . F7B251DA2FA89933771289793DCAA08B . 12321280 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20562_none_d395aaf1794aea13\mshtml.dll
[7] 2012-08-24 . 975D1EA99A0FE8104B72440995B3C20B . 12319744 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20557_none_d3a57c4f793e4cd5\mshtml.dll
[7] 2012-08-24 . BB197F54A8F69EEA8356B7F70E6D3A20 . 12319744 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16450_none_d314dd7e6026fbaa\mshtml.dll
[7] 2012-06-29 . 5E8E869E1342308752A37A2C90CCA79D . 12317184 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16448_none_d327afba6017aa71\mshtml.dll
[7] 2012-06-28 . AEC51857AEC2F5CE4520366240AFC671 . 12317184 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20554_none_d3a27b71794100d0\mshtml.dll
[7] 2012-06-02 . 6820A9E91AFF7CB3A510360D8CCD9BDD . 12314624 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16447_none_d326af706018911a\mshtml.dll
[7] 2012-06-02 . 1ABF770552EA9D4FE90F654468FAF4CE . 12314624 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20553_none_d3a17b277941e779\mshtml.dll
[7] 2012-05-17 . 9FB58F71104107D44540AF1195F7A14D . 12314624 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16446_none_d325af26601977c3\mshtml.dll
[7] 2012-05-17 . 761D9111F5A2619CB5060661D36FBFFF . 12314624 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20551_none_d39f7a937943b4cb\mshtml.dll
[7] 2012-04-21 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16441_none_d320adb4601df910\mshtml.dll
[7] 2012-02-28 . 6758A38197024E71F71FFF507A1AD2F1 . 5980672 . . [8.00.6001.23318] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23318_none_f6b2e34b5115671c\mshtml.dll
[7] 2012-02-28 . 5F25D5561F5BDA32EDE1193EC01529BF . 5978624 . . [8.00.6001.19222] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19222_none_f61874d838054b39\mshtml.dll
[7] 2012-02-28 . F82BF2CB075B49E9FAB5FF213C45C020 . 12281856 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16443_none_d322ae48601c2bbe\mshtml.dll
[7] 2012-02-28 . B9E083B14B1994F1255983F2DF31C7DF . 12281856 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20548_none_d3b14c8579354a3b\mshtml.dll
[7] 2011-12-15 . 0FB4CBF8B6F2407B821266F80C4EAA88 . 5980160 . . [8.00.6001.23286] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23286_none_f665315d514ffade\mshtml.dll
[7] 2011-12-15 . 62CA6A044EE909202D74C138012DD9AF . 5979136 . . [8.00.6001.19190] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19190_none_f5cac2ea383fdefb\mshtml.dll
[7] 2011-11-03 . D4D63FCD03E8B58D5F1DDE6D64E0FF1B . 5978624 . . [8.00.6001.23266] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23266_none_f67ad135513fc2fc\mshtml.dll
[7] 2011-11-03 . 73D666A49DEC07192D7D1C367A142333 . 5978112 . . [8.00.6001.19170] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19170_none_f5e062c2382fa719\mshtml.dll
[7] 2011-09-30 . 59CC0E3A960D0B8A4BBDB6FC65340EB9 . 5972992 . . [8.00.6001.23250] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23250_none_f67f9f65513d0f01\mshtml.dll
[7] 2011-09-30 . 7E6C9B54B10123EA983ECDF7FBFFEA86 . 5971456 . . [8.00.6001.19154] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19154_none_f5fa03c2381bd493\mshtml.dll
[7] 2011-07-23 . 8DF22BFA121C76BF1EE346AB9F12F360 . 5971456 . . [8.00.6001.23216] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23216_none_f6b0e0d151173747\mshtml.dll
[7] 2011-07-23 . CAB330223469AC16EDB4863DF4C9976B . 5969920 . . [8.00.6001.19120] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19120_none_f616725e38071b64\mshtml.dll
[7] 2011-05-28 . 7AF8A6DB4596E3BB3309BABA661EB523 . 5967360 . . [8.00.6001.23181] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23181_none_f6602e0551547f04\mshtml.dll
[7] 2011-05-28 . 6D1E32A3C964BAF06B7973E7B18E3212 . 5964800 . . [8.00.6001.19088] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19088_none_f5dd93403830909b\mshtml.dll
.
c:\windows\System32\mshtml.dll ... Fehlt !!
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 14:55	155416	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 14:45	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 14:45	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 14:45	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 14:45	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2011-11-23 12:01	284160	----a-w-	c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\suparaasyp\SUPERAntiSpyware.exe" [2012-11-06 4763008]
"KiesPDLR"="d:\program files\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-22 21392]
"KiesHelper"="d:\program files\Kies\KiesHelper.exe" [2012-02-22 943504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-10-25 16052192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 227840]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"TrayServer"="d:\program files\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe" [2008-08-07 90112]
"AVP"="d:\program files\Kaspersky Security Suite CBE 12\avp.exe" [2012-04-10 202296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\suparaasyp\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	d:\program files\suparaasyp\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Aupex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-09-12 16:09	357800	----a-w-	c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-02-22 05:57	943504	----a-w-	d:\program files\kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-02-22 05:57	3508624	----a-w-	d:\program files\kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 08:52	1234216	----a-w-	d:\program files\nero10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 11:22	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3814163011-2074231880-4065175572-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 !SASCORE;SAS Core Service;d:\program files\suparaasyp\SASCORE.EXE [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:32]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 14:01]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 14:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - d:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Alles mit FDM herunterladen - file://d:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://d:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://d:\program files\Free Download Manager\dllink.htm
IE: Download with Xilisoft Download YouTube Video - d:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: Free YouTube to Mp3 Converter - c:\users\Aupex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - d:\program files\Kaspersky Security Suite CBE 12\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://d:\program files\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: !HIDDEN! 2009-07-01 18:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-CloneCDTray - d:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-SpybotSD TeaTimer - d:\program files\Spybot2\TeaTimer.exe
AddRemove-01_Simmental - d:\program files\kies\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\program files\kies\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\program files\kies\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\program files\kies\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\program files\kies\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\program files\kies\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\program files\kies\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\program files\kies\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\program files\kies\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\program files\kies\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\program files\kies\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\program files\kies\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\program files\kies\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\program files\kies\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\program files\kies\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\program files\kies\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\program files\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\program files\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-22 15:23
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\CbFsNetRdr3.dll
.
- - - - - - - > 'Explorer.exe'(5632)
c:\windows\system32\CbFsMntNtf3.dll
c:\windows\system32\CbFsNetRdr3.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Tablet\Pen\Pen_TouchService.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
d:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Update\NASvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
d:\program files\Sandboxie\SbieSvc.exe
d:\program files\Secunia\PSI\sua.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-22  15:30:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-22 14:29
ComboFix2.txt  2011-06-08 13:24
ComboFix3.txt  2011-06-08 10:30
.
Vor Suchlauf: 740.704.256 Bytes frei
Nach Suchlauf: 1.735.602.176 Bytes frei
.
- - End Of File - - E0CBC1CDF39B843442B0DC76D82AB026

Allerdings ist der Laptop beim Scannen einmal heruntergefahren und beim Neustart hat sich Kaspersky und SAS wieder eingeschaltet. Fehlermeldung : Irgendwas mit Error starting Childprocess.

Gruß

cosinus · 22.11.2012, 17:45

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Folder::
c:\users\Aupex\AppData\Local\.#
c:\windows\system32\~.tmp

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

aupex · 22.11.2012, 20:37

Diesmal gabs keinen Neustart...

Code:

ATTFilter

ComboFix 12-11-22.03 - Aupex 22.11.2012  20:22:06.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1705 [GMT 1:00]
ausgeführt von:: c:\users\Aupex\Desktop\trojanerboard\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Aupex\Desktop\trojanerboard\cfscript.txt
AV: Kaspersky Security Suite CBE *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Security Suite CBE *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Security Suite CBE *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aupex\4.0
c:\users\Aupex\AppData\Local\.#
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-22 bis 2012-11-22  ))))))))))))))))))))))))))))))
.
.
2012-11-22 19:32 . 2012-11-22 19:32	--------	d-----w-	c:\users\Aupex\AppData\Local\temp
2012-11-22 19:32 . 2012-11-22 19:32	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-11-22 19:32 . 2012-11-22 19:32	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-11-22 19:32 . 2012-11-22 19:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-22 19:32 . 2012-11-22 19:32	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-11-20 15:26 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FB319D0-8551-499E-86EF-6D819096699A}\mpengine.dll
2012-11-14 15:14 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-14 15:14 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-11-10 16:32 . 2012-11-10 16:32	--------	d-----w-	c:\program files\Common Files\Canon_Inc_IC
2012-11-10 16:31 . 2012-11-10 16:31	--------	d-----w-	c:\programdata\Canon_Inc_IC
2012-11-06 19:42 . 2012-11-06 19:42	--------	d-----w-	c:\program files\Alan Hadley
2012-11-02 17:26 . 2012-11-02 17:26	--------	d-----w-	c:\program files\Common Files\Borland Shared
2012-11-02 17:26 . 2012-11-02 17:26	--------	d-----w-	c:\program files\ERGO SOFT
2012-11-02 17:19 . 2012-11-02 17:19	--------	d-----w-	c:\users\Aupex\AppData\Local\ErgoFAKT
2012-11-02 17:17 . 2012-11-02 17:17	--------	d-----w-	c:\programdata\ErgoFAKT
2012-10-25 18:49 . 2012-10-25 18:49	--------	d-----w-	c:\users\Aupex\AppData\Roaming\inkscape
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 14:19 . 2011-07-26 10:42	6504151	----a-w-	c:\windows\system32\~.tmp
2012-10-09 06:32 . 2012-04-02 06:28	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 06:32 . 2011-05-17 14:43	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2011-01-31 17:02	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28 . 2012-10-10 17:34	2048	----a-w-	c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 17:33	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 17:33	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 14:55	155416	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 14:45	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 14:45	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 14:45	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 14:45	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2011-11-23 12:01	284160	----a-w-	c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\suparaasyp\SUPERAntiSpyware.exe" [2012-11-06 4763008]
"KiesPDLR"="d:\program files\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-22 21392]
"KiesHelper"="d:\program files\Kies\KiesHelper.exe" [2012-02-22 943504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-10-25 16052192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 227840]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"TrayServer"="d:\program files\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe" [2008-08-07 90112]
"AVP"="d:\program files\Kaspersky Security Suite CBE 12\avp.exe" [2012-04-10 202296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\suparaasyp\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	d:\program files\suparaasyp\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Aupex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-09-12 16:09	357800	----a-w-	c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-02-22 05:57	943504	----a-w-	d:\program files\kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-02-22 05:57	3508624	----a-w-	d:\program files\kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 08:52	1234216	----a-w-	d:\program files\nero10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 11:22	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3814163011-2074231880-4065175572-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 !SASCORE;SAS Core Service;d:\program files\suparaasyp\SASCORE.EXE [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:32]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 14:01]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 14:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - d:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Alles mit FDM herunterladen - file://d:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://d:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://d:\program files\Free Download Manager\dllink.htm
IE: Download with Xilisoft Download YouTube Video - d:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: Free YouTube to Mp3 Converter - c:\users\Aupex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://d:\program files\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: !HIDDEN! 2009-07-01 18:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-22 20:32
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\CbFsNetRdr3.dll
.
- - - - - - - > 'Explorer.exe'(4920)
c:\windows\system32\CbFsMntNtf3.dll
c:\windows\system32\CbFsNetRdr3.dll
.
Zeit der Fertigstellung: 2012-11-22  20:34:54
ComboFix-quarantined-files.txt  2012-11-22 19:34
ComboFix2.txt  2012-11-22 14:30
ComboFix3.txt  2011-06-08 13:24
ComboFix4.txt  2011-06-08 10:30
.
Vor Suchlauf: 1.463.181.312 Bytes frei
Nach Suchlauf: 1.241.550.848 Bytes frei
.
- - End Of File - - AB4527F8029936A85D0A2944D220DBA2

cosinus · 22.11.2012, 20:55

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

aupex · 23.11.2012, 06:04

Code:

ATTFilter

# AdwCleaner v2.008 - Datei am 23/11/2012 um 06:03:34 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Aupex - STEFANLAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Aupex\Desktop\trojanerboard\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\searchplugins\Conduit.xml
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\DAEMON Tools Toolbar
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Aupex\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Schlüssel Gefunden : HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v3.5 (de)

Profilname : default 
Datei : C:\Users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3155 octets] - [23/11/2012 06:03:34]

########## EOF - C:\AdwCleaner[R1].txt - [3215 octets] ##########

cosinus · 23.11.2012, 13:55

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

aupex · 23.11.2012, 17:22

Adw Log:

Code:

ATTFilter

# AdwCleaner v2.008 - Datei am 23/11/2012 um 14:54:58 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Aupex - STEFANLAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Aupex\Desktop\trojanerboard\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Aupex\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v3.5 (de)

Profilname : default 
Datei : C:\Users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3284 octets] - [23/11/2012 06:03:34]
AdwCleaner[S1].txt - [2893 octets] - [23/11/2012 14:54:58]

########## EOF - C:\AdwCleaner[S1].txt - [2953 octets] ##########

OTL.TXT

Code:

ATTFilter

OTL logfile created on: 23.11.2012 15:18:14 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aupex\Desktop\trojanerboard
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,61% Memory free
10,72 Gb Paging File | 9,23 Gb Available in Paging File | 86,04% Paging File free
Paging file location(s): d:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 41,12 Gb Total Space | 1,70 Gb Free Space | 4,14% Space Free | Partition Type: NTFS
Drive D: | 185,90 Gb Total Space | 1,61 Gb Free Space | 0,87% Space Free | Partition Type: NTFS
Drive E: | 523,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: STEFANLAPTOP | User Name: Aupex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Aupex\Desktop\trojanerboard\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\suparaasyp\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Google\Drive\googledrivesync.exe (Google)
PRC - d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - D:\Program Files\suparaasyp\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Program Files\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
PRC - D:\Program Files\kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - d:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
PRC - C:\Programme\Bamboo Dock\BambooCore.exe ()
PRC - C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - d:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - d:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32api.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\_elementtree.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\_socket.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32ts.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32com.shell.shell.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\wx._gdi_.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\wx._html2.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32crypt.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\_ctypes.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32profile.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\wx._misc_.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\pythoncom26.dll ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32security.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\pywintypes26.dll ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\_ssl.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\wx._core_.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32process.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32pdh.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\wx._windows_.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\_hashlib.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\wx._wizard.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32file.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32inet.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\wx._controls_.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\win32event.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\pyexpat.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\unicodedata.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\_MEI57242\select.pyd ()
MOD - C:\Users\Aupex\AppData\Local\Temp\08f56ff6-864d-4a92-944a-57b870198cb2\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - D:\Program Files\Kaspersky Security Suite CBE 12\qtgui4.dll ()
MOD - D:\Program Files\Kaspersky Security Suite CBE 12\qtscript4.dll ()
MOD - D:\Program Files\Kaspersky Security Suite CBE 12\qtsql4.dll ()
MOD - D:\Program Files\Kaspersky Security Suite CBE 12\qtcore4.dll ()
MOD - D:\Program Files\Kaspersky Security Suite CBE 12\qtnetwork4.dll ()
MOD - D:\Program Files\Kaspersky Security Suite CBE 12\qtdeclarative4.dll ()
MOD - D:\Program Files\kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - d:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Bamboo Dock\BambooCore.exe ()
MOD - C:\Programme\Tablet\Pen\libxml2.dll ()
MOD - D:\Program Files\Kaspersky Security Suite CBE 12\imageformats\qgif4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- D:\Program Files\suparaasyp\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVP) -- D:\Program Files\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
SRV - (MCSWASVR) -- d:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Secunia PSI Agent) -- d:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- d:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (MSSQL$JTLWAWI) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (MSSQL$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (SbieSvc) -- d:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (LGVMODEM) -- system32\DRIVERS\lgvmodem.sys File not found
DRV - (lgbusenum) -- system32\DRIVERS\lgbtbus.sys File not found
DRV - (LgBttPort) -- system32\DRIVERS\lgbtport.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (SASKUTIL) -- D:\Program Files\suparaasyp\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- D:\Program Files\suparaasyp\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) -- C:\Windows\System32\drivers\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SbieDrv) -- d:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 B7 60 24 4D 07 CB 01  [binary data]
IE - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\..\SearchScopes\{7CA392FF-03B9-4588-9225-404B3C3B6E4B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: KPSA-home-Priess@EasternGraphics.com:1.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: D:\Program Files\canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: d:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.06.13 10:31:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.06.13 10:31:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: D:\Program Files\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012.06.13 18:50:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: D:\Program Files\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012.06.13 18:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: D:\Program Files\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.13 18:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.10.29 07:44:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.10.29 07:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:35:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: D:\Program Files\Kaspersky Security Suite CBE 12\THBExt_2_x [2012.06.13 17:37:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: D:\Program Files\Kaspersky Security Suite CBE 12\THBExt_3_1_x [2012.06.13 17:37:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Aupex\AppData\Roaming\5015
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.10.29 07:44:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.10.29 07:44:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:35:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:35:31 | 000,000,000 | ---D | M]
 
[2010.09.20 18:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aupex\AppData\Roaming\mozilla\Extensions
[2010.09.20 18:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aupex\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.22 20:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions
[2010.04.28 10:30:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.04 19:47:00 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\battlefieldplay4free@ea.com
[2012.09.07 14:22:16 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\fdm_ffext@freedownloadmanager.org
[2011.02.26 21:42:26 | 000,000,000 | ---D | M] (KPSA-Home (Priess)) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\KPSA-home-Priess@EasternGraphics.com
[2009.09.10 20:06:59 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\moveplayer@movenetworks.com
[2012.11.22 20:35:25 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Aupex\AppData\Roaming\mozilla\firefox\profiles\z8fjhgyp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
 
O1 HOSTS File: ([2012.11.22 15:11:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] D:\Program Files\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_17_Plus_Sonderedition\Trayserver.exe (MAGIX AG)
O4 - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000..\Run: [KiesHelper] D:\Program Files\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000..\Run: [KiesPDLR] D:\Program Files\kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000..\Run: [SUPERAntiSpyware] D:\Program Files\suparaasyp\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3814163011-2074231880-4065175572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: add to &BOM - D:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Alles mit FDM herunterladen - d:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - d:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - d:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - d:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Aupex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Program Files\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - d:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14436A7B-9E23-494B-A111-E37191A2C976}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E4D3FD4-2868-44D7-9825-067520FD8405}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\Program Files\suparaasyp\SASWINLO.DLL) - D:\Program Files\suparaasyp\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\Users\Aupex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aupex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\suparaasyp\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000.01.18 01:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2002.01.12 03:28:28 | 000,001,042 | R--- | M] () - E:\AUTORUN.INI -- [ CDFS ]
O32 - AutoRun File - [2002.04.22 21:47:10 | 000,000,138 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.22 20:34:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.22 20:34:56 | 000,000,000 | ---D | C] -- C:\Users\Aupex\AppData\Local\temp
[2012.11.22 20:33:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.22 20:20:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.20 08:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.19 20:45:22 | 000,000,000 | ---D | C] -- C:\Users\Aupex\Desktop\trojanerboard
[2012.11.14 22:40:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.14 22:40:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.14 22:40:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.14 22:40:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.14 22:40:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.14 22:40:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.14 22:40:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.14 22:40:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.14 16:14:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.14 16:14:41 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.10 17:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon_Inc_IC
[2012.11.10 17:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon_Inc_IC
[2012.11.06 20:42:54 | 000,000,000 | ---D | C] -- C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZP
[2012.11.06 20:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Alan Hadley
[2012.11.02 18:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ErgoFAKT V4.0
[2012.11.02 18:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2012.11.02 18:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERGO SOFT
[2012.11.02 18:19:09 | 000,000,000 | ---D | C] -- C:\Users\Aupex\AppData\Local\ErgoFAKT
[2012.11.02 18:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ErgoFAKT
[2012.10.25 19:49:15 | 000,000,000 | ---D | C] -- C:\Users\Aupex\AppData\Roaming\inkscape
[2012.10.25 10:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RasterVect 17.3 Trial
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.23 14:57:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.23 14:57:19 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 14:57:19 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 14:57:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.23 14:54:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.23 14:54:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.22 15:11:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.19 20:51:47 | 000,000,020 | ---- | M] () -- C:\Users\Aupex\defogger_reenable
[2012.11.19 20:23:38 | 000,389,128 | ---- | M] () -- C:\Users\Aupex\Desktop\bookmarks-2012-11-19.json
[2012.11.19 10:27:17 | 000,136,704 | ---- | M] () -- C:\Users\Aupex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.17 21:08:35 | 000,000,851 | ---- | M] () -- C:\Users\Aupex\Desktop\SOF II Einzelspieler.lnk
[2012.11.15 06:04:02 | 000,566,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.14 22:53:02 | 000,810,226 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.14 22:53:02 | 000,749,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.14 22:53:02 | 000,198,294 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.14 22:53:02 | 000,166,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.10 17:33:01 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2012.11.06 21:02:40 | 000,002,511 | ---- | M] () -- C:\Users\Aupex\Desktop\CombineZP.lnk
[2012.11.06 20:42:54 | 000,001,944 | ---- | M] () -- C:\Users\Aupex\Desktop\CZPBatch.lnk
[2012.11.02 18:26:47 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\ErgoFAKT V4.0.lnk
[2012.10.30 11:55:17 | 000,005,038 | ---- | M] () -- C:\Users\Aupex\.recently-used.xbel
[2012.10.30 11:52:46 | 000,008,799 | ---- | M] () -- C:\Users\Aupex\AppData\Local\recently-used.xbel
[2012.10.30 11:29:31 | 000,009,020 | ---- | M] () -- C:\Users\Aupex\Desktop\testlogo.svg
[2012.10.25 19:49:09 | 000,025,424 | ---- | M] () -- C:\Users\Aupex\Desktop\Vorschlag Logo.svg
[2012.10.25 19:47:27 | 000,000,634 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2012.10.25 10:45:39 | 000,000,695 | ---- | M] () -- C:\Users\Aupex\Desktop\RasterVect 17.3 Trial.lnk
[2012.10.25 07:46:38 | 000,666,704 | ---- | M] () -- C:\Users\Aupex\Desktop\Vorschlag Logo.png
[2012.10.25 07:45:51 | 000,085,977 | ---- | M] () -- C:\Users\Aupex\Desktop\logoss2.jpg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.19 20:51:27 | 000,000,020 | ---- | C] () -- C:\Users\Aupex\defogger_reenable
[2012.11.19 20:23:37 | 000,389,128 | ---- | C] () -- C:\Users\Aupex\Desktop\bookmarks-2012-11-19.json
[2012.11.06 20:42:54 | 000,002,511 | ---- | C] () -- C:\Users\Aupex\Desktop\CombineZP.lnk
[2012.11.06 20:42:54 | 000,001,944 | ---- | C] () -- C:\Users\Aupex\Desktop\CZPBatch.lnk
[2012.11.02 18:26:47 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\ErgoFAKT V4.0.lnk
[2012.10.30 11:55:17 | 000,005,038 | ---- | C] () -- C:\Users\Aupex\.recently-used.xbel
[2012.10.30 11:52:46 | 000,008,799 | ---- | C] () -- C:\Users\Aupex\AppData\Local\recently-used.xbel
[2012.10.25 20:04:50 | 000,009,020 | ---- | C] () -- C:\Users\Aupex\Desktop\testlogo.svg
[2012.10.25 19:49:07 | 000,025,424 | ---- | C] () -- C:\Users\Aupex\Desktop\Vorschlag Logo.svg
[2012.10.25 19:47:59 | 000,000,666 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012.10.25 19:47:27 | 000,000,634 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2012.10.25 10:45:39 | 000,000,695 | ---- | C] () -- C:\Users\Aupex\Desktop\RasterVect 17.3 Trial.lnk
[2012.10.25 07:46:34 | 000,666,704 | ---- | C] () -- C:\Users\Aupex\Desktop\Vorschlag Logo.png
[2012.10.25 07:45:47 | 000,085,977 | ---- | C] () -- C:\Users\Aupex\Desktop\logoss2.jpg
[2012.10.21 20:02:24 | 000,000,762 | ---- | C] () -- C:\Windows\Sof2.INI
[2012.10.13 20:16:50 | 000,000,087 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2012.09.22 10:24:29 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.09.11 14:28:00 | 000,025,600 | ---- | C] () -- C:\Users\Aupex\Salon Seemann.dot
[2012.09.03 06:02:43 | 000,000,800 | ---- | C] () -- C:\Windows\Rtcw.INI
[2012.09.01 13:26:36 | 000,000,104 | ---- | C] () -- C:\Users\Aupex\AppData\Roaming\.ptbt1
[2012.07.31 10:37:59 | 000,000,317 | ---- | C] () -- C:\Windows\CODUO.ini
[2012.07.27 19:53:10 | 000,000,721 | ---- | C] () -- C:\Windows\COD.INI
[2012.06.27 20:34:31 | 018,506,240 | ---- | C] () -- C:\Users\Aupex\jtlwawi260612.bak
[2012.06.27 15:06:14 | 014,967,296 | ---- | C] () -- C:\Users\Aupex\sicherung270612.bak
[2012.06.13 18:39:35 | 000,017,408 | ---- | C] () -- C:\Users\Aupex\AppData\Local\WebpageIcons.db
[2012.06.13 17:39:13 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.06.13 17:39:13 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.05.19 12:26:47 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.05.18 20:39:46 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.05.18 20:39:08 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012.04.02 08:03:10 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini
[2012.03.21 15:14:49 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 18:06:49 | 000,000,021 | ---- | C] () -- C:\Users\Aupex\AppData\Local\mc.pixel.data
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.08 11:00:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.08 11:00:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.08 11:00:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.08 11:00:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.08 11:00:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.06 09:41:31 | 000,523,061 | ---- | C] () -- C:\Users\Aupex\mricrocosft.cab
[2011.05.29 08:31:24 | 000,000,558 | ---- | C] () -- C:\Users\Aupex\AppData\Roaming\AutoGK.ini
[2011.05.16 16:39:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.16 16:39:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.14 20:36:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.03.11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.01.25 15:02:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2010.11.28 12:29:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ss35pp.dll
[2010.10.12 19:54:54 | 007,424,512 | ---- | C] () -- C:\Users\Aupex\tab.bak
[2010.08.26 21:34:46 | 000,360,723 | ---- | C] () -- C:\Users\Aupex\AppData\Roaming\mdbu.bin
[2010.06.29 17:17:29 | 000,345,434 | ---- | C] () -- C:\Users\Aupex\bild 00000.jpg
[2010.04.21 18:43:25 | 000,725,294 | ---- | C] () -- C:\Users\Aupex\.fonts.cache-1
[2010.04.21 18:42:04 | 000,000,000 | ---- | C] () -- C:\Users\Aupex\.gtk-bookmarks
[2010.03.11 21:48:19 | 000,000,093 | ---- | C] () -- C:\Users\Aupex\AppData\Local\fusioncache.dat
[2009.11.03 12:46:01 | 000,001,024 | ---- | C] () -- C:\Users\Aupex\.lmmsrc.xml
[2009.06.02 19:38:33 | 000,001,356 | ---- | C] () -- C:\Users\Aupex\AppData\Local\d3d9caps.dat
[2009.03.26 11:14:56 | 000,007,680 | ---- | C] () -- C:\Users\Aupex\20F112907.lbl
[2009.03.22 19:49:16 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.02.18 10:04:11 | 000,007,680 | ---- | C] () -- C:\Users\Aupex\99L099908.lbl
[2009.01.20 11:23:13 | 000,007,168 | ---- | C] () -- C:\Users\Aupex\bnn.lbl
[2009.01.13 07:11:04 | 000,000,000 | ---- | C] () -- C:\Users\Aupex\AppData\Roaming\wklnhst.dat
[2009.01.12 12:16:32 | 000,138,056 | ---- | C] () -- C:\Users\Aupex\AppData\Roaming\PnkBstrK.sys
[2009.01.09 20:43:44 | 000,136,704 | ---- | C] () -- C:\Users\Aupex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.06 15:31:21 | 000,005,525 | ---- | C] () -- C:\Users\Aupex\b
[2008.12.28 23:05:28 | 000,027,335 | ---- | C] () -- C:\Users\Aupex\AppData\Roaming\nvModes.001
[2008.12.28 23:02:44 | 000,027,335 | ---- | C] () -- C:\Users\Aupex\AppData\Roaming\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 23.11.2012 15:18:14 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aupex\Desktop\trojanerboard
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,61% Memory free
10,72 Gb Paging File | 9,23 Gb Available in Paging File | 86,04% Paging File free
Paging file location(s): d:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 41,12 Gb Total Space | 1,70 Gb Free Space | 4,14% Space Free | Partition Type: NTFS
Drive D: | 185,90 Gb Total Space | 1,61 Gb Free Space | 0,87% Space Free | Partition Type: NTFS
Drive E: | 523,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: STEFANLAPTOP | User Name: Aupex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3814163011-2074231880-4065175572-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "D:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3814163011-2074231880-4065175572-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"d:\Program Files\BitTorrent\bittorrent.exe" = d:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2E0168-A091-438E-A7FA-4897DA0F0DA8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{15514728-41F3-48FF-AB66-6CCEFD6FAAA7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{16CC534F-D6C6-4BBD-8382-69628BA12263}" = rport=137 | protocol=17 | dir=out | app=system | 
"{25FC251C-0C26-41AB-8424-BC383BA73F05}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{342DC21F-8295-4342-909D-A7F279578E63}" = lport=139 | protocol=6 | dir=in | app=system | 
"{48883D63-6C84-4CB2-9507-8AF14136E169}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{52F6B97D-D65F-4C2F-9504-13FEAB266629}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5FA8909D-B37A-4B82-A038-9BC54D200681}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{65926B19-B9ED-44C3-9A57-4428EC2460E0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7705E8D2-3BEF-4495-A65D-A8C8F2D7C117}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{887C0506-54AC-4623-840A-D20902F3AB0E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D40E8E4E-B31C-4D42-BE9A-A503C4AA5243}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EEE08896-C538-44C4-A160-B1410D0CEA56}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F2B30D6D-C14D-4B2B-A635-DA319F3F910D}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C4640D-2935-4995-BE9F-4B2C1DA91BB7}" = protocol=6 | dir=in | app=d:\spiele\bf2demo\bf2.exe | 
"{013BD9BC-540B-4FC1-9BD7-27A95CFBAA1A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{07AD8CBF-E94E-437A-A957-0CEB935C3740}" = protocol=6 | dir=in | app=d:\spiele\bf2\bf2.exe | 
"{1472F810-7117-4D9A-8B35-DE71E132A0CC}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{4450E831-A691-4A40-83DD-EA4602401AAE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4503EFED-59B8-420A-8A66-7EADBDAFD1E9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{4AF8D247-2BB2-42B0-8ED6-38643DAD412D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4B8DDB3E-D95C-4203-9F64-FAE650133E2C}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5AE29E96-1F28-40E1-81EB-ECC181B98D60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6D71C4A4-8C55-4051-9CAF-52C2775A4A49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7E486AC8-B408-4B5E-AB47-DA73AAAE3851}" = protocol=17 | dir=in | app=d:\spiele\bf2demo\bf2.exe | 
"{8EDEB86E-61A8-48A5-9D05-8D2D7DA305A4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{B32A8D67-D6B3-4B82-AA52-CF4E5170086D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B34D8511-DBB8-49C9-B66E-39B4FE65BAC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C4302411-D9D1-4298-9068-01F52024EB81}" = protocol=17 | dir=in | app=d:\spiele\bf2\bf2.exe | 
"{CC94E627-5B38-4F08-AB62-114E4D1DFC3C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D90F3206-FD62-4239-8891-BF06C088F99B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E1E749EA-C830-4C97-A757-351DF17A1A3D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EC08F273-D3ED-4C12-A5A6-EF62378C0496}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EC6CEA8F-7ECF-4685-BCB8-4EDAC6123F64}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F752E18F-439E-4C66-882B-7F6344B3439A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking
"{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (JTLWAWI)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{089EBD9B-DFC0-4416-8DE3-796F8CDA1158}" = ErgoFAKT V4.0
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series" = Canon MX420 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{14E5D149-FD0F-4595-A84E-68D821167591}" = NetObjects Fusion 11.0
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB Video/Audio Device Driver
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5D4604-EA08-4EDC-8EE7-A004946FB016}" = Terragen 2 Free Edition (Beta)
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{4EFD0178-748B-4AEF-BF64-51BEF3048F8B}" = Terragen 2 Free Edition
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{6E9CFEF5-0245-411F-8587-CF83DF9D4B05}" = Microsoft SQL Server 2008 Database Engine Services
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{93ABEBEB-EEE0-4AB9-A925-2F2EC791A4CE}" = Smart Technology Programming Software 7.0.2.7
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{985F828E-0E98-429F-9C05-EF3BDE7568F7}" = Paragon Drive Backup™ 9.0 Free Edition
"{98E9B724-0E62-4812-B6CC-C6A228BBC562}" = Brother P-touch Address Book 1.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95E668D-5B58-43E4-9E10-BFF43E943AEB}" = MAGIX Screenshare
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C89AF1D9-A501-4AA5-9E44-9753D0F92347}" = Kidizoom® Pro & Plus
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CBBC89D4-84CB-48A5-AC5A-88452D3C44D3}" = JTL-Wawi - FastReport - Deployment
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE52F670-9E10-4C0A-B0CB-D78BAB0A7923}" = NimoFilm
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D6862B-7112-45CC-B008-2F9D4D409285}" = MAGIX Video deluxe 17 Plus Sonderedition
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F5CA1223-2B80-4901-AB52-1595A7DE13D1}" = MAGIX Speed burnR (MSI)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Anti-Twin 2010-09-22 17.58.58" = Anti-Twin (Installation 22.09.2010)
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Bamboo Dock" = Bamboo Dock
"bgbennyboyEMIReplacementSetup_is1" = Escape From Monkey Island
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"Blender" = Blender
"Bryce 7.1 7.1.0.109" = Bryce 7.1
"Caligari trueSpace7.61 Beta 8 Standalone_is1" = Uninstall trueSpace7.61 Beta 8 Standalone
"Call of Duty" = Call of Duty
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MX420 series Benutzerregistrierung" = Canon MX420 series Benutzerregistrierung
"Canon RAW Codec" = Canon RAW Codec
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CGLsilent" = CGLsilent 1.0.4.1 
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Defraggler" = Defraggler
"Die Hochzeitsdrucker_is1" = Die Hochzeitsdrucker 1.5
"Digital Photo Professional" = Canon Utilities Digital Photo Professional 3.11
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DLDIrc" = DLDIrc
"DupDetector_is1" = DupDetector 3.302
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Elements+_is1" = Elements+ for PSE 8 (demo)
"EOS Utility" = Canon Utilities EOS Utility
"Eraser" = Eraser
"Everest Poker" = Everest Poker (Remove Only)
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"FileZilla Client" = FileZilla Client 3.5.3
"Free Download Manager_is1" = Free Download Manager 3.0
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.5.6.908
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.18.403
"GIMP-2_is1" = GIMP 2.8.2
"HaaliMkx" = Haali Media Splitter
"HandBrake" = HandBrake 0.9.6
"HD Tune_is1" = HD Tune 2.55
"HDD Health_is1" = HDD Health v3.3 Beta
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hugin" = Hugin 2011.4.0
"Hybrid" = Hybrid (remove only)
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"Inkscape" = Inkscape 0.48.2
"InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{98E9B724-0E62-4812-B6CC-C6A228BBC562}" = Brother P-touch Address Book 1.0
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.5.1
"IrfanView" = IrfanView (remove only)
"JTL-Wawi_is1" = JTL-Wawi
"Lair of the Leviathan" = Tales of Monkey Island - Lair of the Leviathan
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Lidl-Fotos_is1" = Lidl-Fotos
"Live 8.2.6" = Live 8.2.6
"MAGIX_MSI_Videodeluxe17_plus" = MAGIX Video deluxe 17 Plus Sonderedition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Mediencenter Software" = Mediencenter Assistent
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Mp3tag" = Mp3tag v2.44
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"NewBlue Light Rays for Magix" = NewBlue Light Rays for Magix
"NewBlue Lightning for Magix" = NewBlue Lightning for Magix
"Nmap" = Nmap 4.85BETA9
"OpenAL" = OpenAL
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"Pen Tablet Driver" = Bamboo
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.9
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PokerStars" = PokerStars
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"PunkBusterSvc" = PunkBuster Services
"RasterVect 17.3 Trial_is1" = RasterVect 17.3 Trial
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"ReBirth RB-338 2.0" = ReBirth RB-338 2.0
"Recuva" = Recuva
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"Rise of the Pirate God" = Tales of Monkey Island - Rise of the Pirate God
"Sandboxie" = Sandboxie 3.34
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"ShrinkTo5Basic" = ShrinkTo5Basic
"Soldier of Fortune II - Double Helix" = Soldier of Fortune II - Double Helix
"Speed Dial Utility" = Canon Kurzwahlprogramm
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SystemRequirementsLab" = System Requirements Lab
"Tales of Monkey Island" = Tales of Monkey Island
"The Siege of Spinner Cay" = Tales of Monkey Island - The Siege of Spinner Cay
"The Trial and Execution of Guybrush Threepwood" = Tales of Monkey Island - The Trial and Execution of Guybrush Threepwood
"Uninstall_is1" = Uninstall 1.0.0.1
"VidCoder_is1" = VidCoder 0.8.0 (x86)
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.1.10
"VobSub" = VobSub v2.23 (Remove Only)
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WaveSurgeon (Evaluation)_is1" = WaveSurgeon (Evaluation) 2.8.1
"WinLiveSuite" = Windows Live Essentials
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"XMedia Recode" = XMedia Recode 2.1.8.0
"XnView_is1" = XnView 1.95.4
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3814163011-2074231880-4065175572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"pycrypto-py2.6" = Python 2.6 pycrypto-2.0.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2012 10:11:13 | Computer Name = Stefanlaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 22.11.2012 07:19:00 | Computer Name = Stefanlaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 22.11.2012 07:19:00 | Computer Name = Stefanlaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.11.2012 01:05:32 | Computer Name = Stefanlaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.11.2012 01:05:32 | Computer Name = Stefanlaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2343
 
Error - 23.11.2012 01:05:32 | Computer Name = Stefanlaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2343
 
Error - 23.11.2012 01:05:34 | Computer Name = Stefanlaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.11.2012 01:05:34 | Computer Name = Stefanlaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4359
 
Error - 23.11.2012 01:05:34 | Computer Name = Stefanlaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4359
 
Error - 23.11.2012 10:00:35 | Computer Name = Stefanlaptop | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 22.11.2012 10:05:53 | Computer Name = Stefanlaptop | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 22.11.2012 10:11:54 | Computer Name = Stefanlaptop | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 22.11.2012 10:22:56 | Computer Name = Stefanlaptop | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 22.11.2012 10:23:30 | Computer Name = Stefanlaptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 22.11.2012 15:21:37 | Computer Name = Stefanlaptop | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 22.11.2012 15:27:22 | Computer Name = Stefanlaptop | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 22.11.2012 15:32:21 | Computer Name = Stefanlaptop | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 23.11.2012 00:54:43 | Computer Name = Stefanlaptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.11.2012 09:57:14 | Computer Name = Stefanlaptop | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 23.11.2012 09:59:03 | Computer Name = Stefanlaptop | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >

cosinus · 23.11.2012, 20:07

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

aupex · 24.11.2012, 05:57

Eset

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ef0e72d12eb71341aa2c1d944058147d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-24 01:43:45
# local_time=2012-11-24 02:43:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 98251261 98251261 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 23646 191233913 0 0
# compatibility_mode=8192 67108863 100 0 4124 4124 0 0
# scanned=486707
# found=1
# cleaned=0
# scan_time=20239
C:\Program Files\Trend Micro\HijackThis\backups\backup-20091217-212620-476.dll	probably a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I

Mbam-Log

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.23.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Aupex :: STEFANLAPTOP [Administrator]

23.11.2012 20:47:44
mbam-log-2012-11-23 (20-47-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 265932
Laufzeit: 5 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 26.11.2012, 14:20

Sieht soweit ok aus, nur ein Fund in einem Hijackthis-Backup

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

aupex · 26.11.2012, 21:08

Danke für Deine Hilfe.
Rechner läuft. Der Internetexplorer meckert zwar noch, dass die inetcpl.cpl fehlt, aber ich denke das ist ein Folgeschaden.
Firefox funktioniert jetzt wieder ohne Hänger, nachdem Ich Flash deaktiviert habe.
Neueste Flashversion habe ich noch nicht installiert.

Vielen Dank nochmal.

Gruß

Aupex

cosinus · 26.11.2012, 21:18

Zitat:

Der Internetexplorer meckert zwar noch, dass die inetcpl.cpl fehlt, aber ich denke das ist ein Folgeschaden.

Neuinstallation bzw. Reparatur von Internet Explorer in Windows 7, Windows Vista und Windows XP

aupex · 27.11.2012, 18:09

Funktioniert nicht.
Neuinstallation funktioniert nicht und die anderen Tips auf der Seite auch nicht. Fixit setzt nur die Sicherheitseinstellungen zurück und den ersten Tip kann ich gar nicht nutzen, da der IE nicht startet (geht nur ein Fenster auf "Downloads anzeigen".) Das eigentlich Browserfenster geht sofort wieder zu.
Neuinstallation funktioniert nicht, da ich scheinbar eine Neuere Version als die angebotene (IE9) auf dem Rechner habe...
Ist aber eigentlich nicht tragisch, da ich den IE sowieso nicht nutze.

Gruß

cosinus · 27.11.2012, 19:41

Ähm naja, der IE ist eine Windows-Kernkomponente, deswegen würde ich dieses Problem nicht gerade auf die leichte Schulter nehmen

Richte dir bitte mal über die Systemsteuerung/Benutzerkonten ein 2. Windows-Benutzerkonto ein, username testuser oder so. Ruhig Adminrechte. Log dich als, als testuser ein und teste damit mal den IE.

Ich will nämlich mal wissen wie der IE sich bei dir bei einem Benutzer mit komplett frischem Benutzerprofil verhält.

Firefox und IE funktionieren nach Kaspersky-Funden nicht mehr.

Plagegeister aller Art und deren Bekämpfung: Firefox und IE funktionieren nach Kaspersky-Funden nicht mehr.