GVU Trojaner mit Webcam

schweinipete · 28.11.2012, 16:54

Hallo Matthias,

vielen vielen Dank dass du dich meiner annimmst!

Die Toolbar und Avira kann ich wenn du möchtest im Ablauf sehr gerne löschen, was gibt es denn für Alternativen?

Defogger meldet nach einer Sekunde folgendes:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:43 on 28/11/2012 (peterparker)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Also nicht wirklich viel..?

aswMBR das hier:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-28 16:45:07
-----------------------------
16:45:07.403    OS Version: Windows x64 6.1.7601 Service Pack 1
16:45:07.403    Number of processors: 2 586 0x2505
16:45:07.403    ComputerName: PETER-PC  UserName: 
16:45:08.425    Initialize success
16:45:26.885    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:45:26.885    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:45:26.901    Disk 0 MBR read successfully
16:45:26.901    Disk 0 MBR scan
16:45:26.901    Disk 0 Windows VISTA default MBR code
16:45:26.917    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13000 MB offset 2048
16:45:26.932    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 26626048
16:45:26.963    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       463838 MB offset 26830848
16:45:26.989    Disk 0 scanning C:\Windows\system32\drivers
16:45:35.164    Service scanning
16:46:11.238    Modules scanning
16:46:11.238    Disk 0 trace - called modules:
16:46:11.288    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:46:11.288    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a72410]
16:46:11.288    3 CLASSPNP.SYS[fffff88001bc043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048f9050]
16:46:11.298    Scan finished successfully
16:46:58.300    Disk 0 MBR has been saved successfully to "C:\Users\peterparker\Desktop\MBR.dat"
16:46:58.300    The log file has been saved successfully to "C:\Users\peterparker\Desktop\aswMBR.txt"

Grüße,

Peter!

M-K-D-B · 28.11.2012, 19:28

Servus,

Zitat:

Zitat von schweinipete

Die Toolbar und Avira kann ich wenn du möchtest im Ablauf sehr gerne löschen, was gibt es denn für Alternativen?

Avast! Antivirus und Microsoft Security Essentials. Aber mehr dazu später. Du brauchst vorerst nichts installieren.

Schritt 1
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall TuneUp Utilities 2013.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.

Bitte lade Junkware Removal Tool auf Deinen Desktop.

Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
Das Tool wird sich öffnen. Drücke eine beliebige Taste, um den Suchlauf zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von ComboFix.

schweinipete · 29.11.2012, 18:09

Guten Abend Matthias!

Schritt 1: Im Softwarecenter lassen sich die Tune Up Utilities leider nicht entfernen, ich werde gefragt ob ich das Programm (und seine nützlichen Schutzfunktionen!) wirklich entfernen möchte, mit bestätigung auf JA schliesst sich lediglich der Dialog, aber deinstalliert wurde nichts..

Schritt 2 AdwCleaner sagt folgendes:

Log zu groß! Habs angehängt!

Schritt 3 JRT gibt das hier aus:

Log zu groß! Habs angehängt!

Schritt 4 Combofix moniert dass bei mir noch Avira läuft, das habe ich dann schnell deinstalliert, danach kam leider der Hinweis dass es noch immer läuft. Eine Möglichkeit abzubrechen gab es bei Combofox jedoch nicht, nur die Option OK die ich dann betätigt habe. Hier das LOG, soll ich versuchen Avira loszuwerden und noch mal Combofix starten?

Log zu groß! Habs angehängt!

Gruß,

Peter!

M-K-D-B · 29.11.2012, 19:15

Servus,

lass mal Avira gut sein. So geht es weiter:

Schritt 1
Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Folder::
c:\users\peterparker\AppData\Roaming\Zarb
c:\users\peterparker\AppData\Roaming\16001.009
c:\users\peterparker\AppData\Roaming\16001.008
c:\users\peterparker\AppData\Roaming\xmldm
c:\users\peterparker\AppData\Roaming\kock
         
Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.
Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Schritt 2

Starte bitte die OTL.exe.
Setze einen Haken bei Scanne alle Benutzer.
Wähle unter Extra Registrierung: Benutze Safe List.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

c:\users\peterparker\AppData\Roaming\*.

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Bitte poste mit deiner nächsten Antwort

die Logdatei von ComboFix,
die Logdatei von OTL.

schweinipete · 29.11.2012, 20:05

Hallo!

Hier ist das ComboFix Log:

Code:

ATTFilter

ComboFix 12-11-29.02 - peterparker 29.11.2012  19:39:15.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3956.3195 [GMT 1:00]
ausgeführt von:: c:\users\peterparker\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\peterparker\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\peterparker\AppData\Roaming\16001.008
c:\users\peterparker\AppData\Roaming\16001.008\chrome.manifest
c:\users\peterparker\AppData\Roaming\16001.008\components\AcroFF.txt
c:\users\peterparker\AppData\Roaming\16001.008\install.rdf
c:\users\peterparker\AppData\Roaming\16001.009
c:\users\peterparker\AppData\Roaming\16001.009\chrome.manifest
c:\users\peterparker\AppData\Roaming\16001.009\components\AcroFF.txt
c:\users\peterparker\AppData\Roaming\16001.009\install.rdf
c:\users\peterparker\AppData\Roaming\kock
c:\users\peterparker\AppData\Roaming\xmldm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000002.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000003.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000004.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000005.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000006.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000008.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000009.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000010.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000011.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000012.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000013.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000014.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000015.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000016.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000017.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000018.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000019.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000020.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000021.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000022.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000023.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000024.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000025.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000026.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000027.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000028.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000029.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000030.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000031.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000032.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000033.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000034.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000035.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000036.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000037.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000038.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000039.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000040.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000041.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000042.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000043.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000044.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000045.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000046.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000047.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000048.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000049.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000050.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000051.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000052.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000053.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000054.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000055.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000056.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000057.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000058.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000059.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000060.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000061.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000062.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000063.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000064.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000065.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000066.eml
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000067.eml
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000068.eml
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000069.eml
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000070.eml
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000071.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000072.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000073.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000074.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000075.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000076.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000077.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000078.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000079.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000080.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000081.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000082.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000083.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000084.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000085.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000086.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000087.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000088.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000089.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000090.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000091.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000092.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000093.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000094.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000095.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000096.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000097.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000098.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000099.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000100.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000101.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000102.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000103.htm
c:\users\peterparker\AppData\Roaming\xmldm\firefox.exe_UAs7.dat
c:\users\peterparker\AppData\Roaming\Zarb
c:\users\peterparker\AppData\Roaming\Zarb\Verben_d.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_ds.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_e.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_f.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_i.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_l.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_n.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_p.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_pt.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_s.doc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-28 bis 2012-11-29  ))))))))))))))))))))))))))))))
.
.
2012-11-29 18:47 . 2012-11-29 18:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-29 16:32 . 2012-11-29 16:32	--------	d-----w-	c:\windows\ERUNT
2012-11-29 16:32 . 2012-11-29 16:32	--------	d-----w-	C:\JRT
2012-11-27 17:43 . 2012-11-27 17:43	--------	d-----w-	c:\users\peterparker\AppData\Roaming\Malwarebytes
2012-11-27 17:43 . 2012-11-27 17:43	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-27 17:43 . 2012-11-27 17:43	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-27 17:43 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-27 14:13 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EBB0D8D-BD54-4043-8AE7-3F1B74E454A3}\mpengine.dll
2012-11-16 00:04 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-16 00:04 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 00:04 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 00:04 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-15 23:55 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-15 23:55 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-15 23:55 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 23:55 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 23:55 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-15 23:55 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-15 23:55 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 18:58 . 2012-09-25 22:47	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-11-15 18:58 . 2012-09-25 22:46	95744	----a-w-	c:\windows\system32\synceng.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 23:56 . 2011-08-11 11:16	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-10-16 16:58 . 2012-10-16 16:59	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 16:58 . 2012-10-10 15:50	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-16 16:58 . 2012-10-10 15:50	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-10-16 15:19 . 2012-05-10 19:29	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 15:19 . 2011-08-12 20:05	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:19 . 2012-10-09 17:20	8192	----a-w-	c:\windows\SysWow64\srvany.exe
2012-10-09 17:19 . 2012-10-09 17:20	151552	----a-w-	c:\windows\KMService.exe
2012-09-19 09:29 . 2012-10-07 13:52	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2012-09-19 09:29 . 2012-10-07 13:51	25952	----a-w-	c:\windows\system32\authuitu.dll
2012-09-19 09:29 . 2012-10-07 13:51	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-09-14 19:19 . 2012-10-10 17:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 17:45	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-13 13:26 . 2012-09-12 17:30	1259888	----a-w-	c:\windows\system32\dmwu.exe
2012-09-13 13:25 . 2012-09-12 17:30	35328	----a-w-	c:\windows\system32\ImHttpComm.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{008BC998-00C2-85AB-98FB-A5C5BC4B450D}]
c:\programdata\DownloadnSave\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
c:\program files (x86)\DealPly\DealPlyIE.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files (x86)\Ask.com\GenericAskToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Starter"="c:\program files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe" [2012-02-14 79728]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
c:\users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\peterparker\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-04-23 867360]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-08 250368]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 15:19]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 15:47]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 15:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
c:\program files\Web Assistant\Extension64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-04-23 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\peterparker\AppData\Roaming\Mozilla\Firefox\Profiles\x8n2m0fo.default\
FF - ExtSQL: 2012-10-10 16:38; toolbar@web.de; c:\users\peterparker\AppData\Roaming\Mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\toolbar@web.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-29  19:49:47
ComboFix-quarantined-files.txt  2012-11-29 18:49
ComboFix2.txt  2012-11-29 16:54
.
Vor Suchlauf: 13 Verzeichnis(se), 325.386.891.264 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 325.308.006.400 Bytes frei
.
- - End Of File - - F0FD05636D16952A61A37135F6B9C937

Und hier die OTL:

Code:

ATTFilter

OTL logfile created on: 29.11.2012 19:52:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\peterparker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 3,01 Gb Available Physical Memory | 77,95% Memory free
7,73 Gb Paging File | 7,09 Gb Available in Paging File | 91,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,97 Gb Total Space | 303,05 Gb Free Space | 66,90% Space Free | Partition Type: NTFS
Drive E: | 1,76 Gb Total Space | 1,63 Gb Free Space | 92,64% Space Free | Partition Type: FAT32
 
Computer Name: PETER-PC | User Name: peterparker | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\peterparker\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE444DE444
IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=4507575425824172&p2=^A9T^YYYYYY^YY^DE&q={searchTerms}
IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{D5D7DA65-FD84-4437-A917-1F39C2656688}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: 500ea40e66ec9%40500ea40e66f02.info:1.0
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B988da70d-b78d-44a1-a9c7-ed11832a9e2e%7D:1.3
FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21
FF - prefs.js..extensions.enabledAddons: %7B33044118-6597-4D2F-ABEA-7974BB185379%7D:1.0
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 19:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\peterparker\AppData\Roaming\16001.009
 
[2012.08.26 16:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\Extensions
[2012.11.29 17:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions
[2012.07.24 16:34:05 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\500ea40e66ec9@500ea40e66f02.info
[2012.11.29 17:41:36 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\toolbar@web.de
[2012.01.14 20:45:34 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.03.11 11:16:13 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi
[2011.09.18 17:38:45 | 000,087,923 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2012.10.22 17:35:10 | 000,001,028 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\dvdvideosofttb-customized-web-search.xml
[2012.02.16 18:09:18 | 000,002,057 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\youtube-videosuche.xml
[2012.11.22 19:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.11.22 19:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012.11.22 19:58:33 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- C:\USERS\PETERPARKER\APPDATA\ROAMING\16001.009
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Avira Toolbar = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\
CHR - Extension: DownloadnSave = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcccpgeibhlebnekpbfcfagendjaeamn\1.0_0\
 
O1 HOSTS File: ([2012.11.29 19:47:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll File not found
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DownloadnSave Class) - {008BC998-00C2-85AB-98FB-A5C5BC4B450D} - C:\ProgramData\DownloadnSave\bhoclass.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\peterparker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE61BBFF-0C83-4242-BD71-7BB94BCED92E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.29 19:47:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.29 19:32:32 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\peterparker\Desktop\ComboFix.exe
[2012.11.29 17:42:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.29 17:42:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.29 17:42:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.29 17:38:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.29 17:38:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.29 17:32:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.29 17:32:14 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.28 16:43:47 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\peterparker\Desktop\aswMBR.exe
[2012.11.27 18:45:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\peterparker\Desktop\OTL.exe
[2012.11.27 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\Malwarebytes
[2012.11.27 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 18:43:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.27 18:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.20 19:19:55 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Application Data
[2012.11.16 01:04:23 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.16 01:04:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.16 00:55:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.16 00:55:50 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.16 00:55:50 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.16 00:55:50 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.15 19:59:17 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.15 19:59:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.15 19:59:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.15 19:59:11 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.15 19:59:11 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.15 19:59:11 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.15 19:59:11 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.15 19:59:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.15 19:59:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.15 19:58:53 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.15 19:58:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.05 19:26:32 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Desktop\Fotos Klasse
[2012.11.02 12:38:42 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Desktop\Global Booty Shake Songs Nov Dez 2012
[10 C:\Users\peterparker\Desktop\*.tmp files -> C:\Users\peterparker\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.29 19:47:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.29 19:32:57 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\peterparker\Desktop\ComboFix.exe
[2012.11.29 19:27:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 19:27:23 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.29 17:16:28 | 000,911,990 | ---- | M] () -- C:\Users\peterparker\Desktop\JRT.exe
[2012.11.29 17:16:00 | 000,480,125 | ---- | M] () -- C:\Users\peterparker\Desktop\adwcleaner.exe
[2012.11.28 17:20:58 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.28 17:20:58 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.28 17:20:58 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.28 17:20:58 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.28 17:20:58 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.28 16:46:58 | 000,000,512 | ---- | M] () -- C:\Users\peterparker\Desktop\MBR.dat
[2012.11.28 16:44:22 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\peterparker\Desktop\aswMBR.exe
[2012.11.28 16:42:49 | 000,000,000 | ---- | M] () -- C:\Users\peterparker\defogger_reenable
[2012.11.28 16:42:12 | 000,050,477 | ---- | M] () -- C:\Users\peterparker\Desktop\Defogger.exe
[2012.11.27 18:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\peterparker\Desktop\OTL.exe
[2012.11.27 18:43:09 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.27 18:35:03 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.27 18:10:47 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 18:10:47 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 17:24:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 17:24:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.26 19:21:14 | 000,421,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.22 19:58:40 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.11 14:21:16 | 000,000,051 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\blckdom.res
[10 C:\Users\peterparker\Desktop\*.tmp files -> C:\Users\peterparker\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.29 17:42:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.29 17:42:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.29 17:42:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.29 17:42:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.29 17:42:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.29 17:16:22 | 000,911,990 | ---- | C] () -- C:\Users\peterparker\Desktop\JRT.exe
[2012.11.29 17:16:00 | 000,480,125 | ---- | C] () -- C:\Users\peterparker\Desktop\adwcleaner.exe
[2012.11.28 16:46:58 | 000,000,512 | ---- | C] () -- C:\Users\peterparker\Desktop\MBR.dat
[2012.11.28 16:42:49 | 000,000,000 | ---- | C] () -- C:\Users\peterparker\defogger_reenable
[2012.11.27 19:26:06 | 000,050,477 | ---- | C] () -- C:\Users\peterparker\Desktop\Defogger.exe
[2012.11.27 18:43:09 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 21:36:59 | 008,626,176 | ---- | C] () -- C:\Users\peterparker\Desktop\Israel Kamakawiwoole - Somewhere over the rainbow - What a wonderful world.mp3
[2012.11.16 01:04:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 00:55:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.08 20:27:39 | 000,000,051 | ---- | C] () -- C:\Users\peterparker\AppData\Roaming\blckdom.res
[2012.10.09 18:20:16 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2012.10.09 18:20:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.05.21 17:23:45 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.10.01 17:26:25 | 000,003,584 | ---- | C] () -- C:\Users\peterparker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.09 14:19:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.09 10:36:16 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< c:\users\peterparker\AppData\Roaming\*. >
[2011.08.16 12:42:11 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Adobe
[2012.10.30 16:36:09 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Apple Computer
[2011.08.08 18:47:08 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\ATI
[2011.08.12 21:25:37 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Canneverbe Limited
[2012.10.09 17:38:18 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\DAEMON Tools Lite
[2012.11.27 18:35:24 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Dropbox
[2012.08.20 11:13:46 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\elsterformular
[2011.08.08 19:04:43 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Google
[2011.08.08 18:45:57 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Identities
[2011.08.08 18:46:26 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Macromedia
[2012.11.27 18:43:19 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Malwarebytes
[2010.05.07 07:57:13 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Media Center Programs
[2012.06.05 22:43:40 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Media Player Classic
[2012.10.11 16:19:43 | 000,000,000 | --SD | M] -- c:\users\peterparker\AppData\Roaming\Microsoft
[2012.08.26 16:30:06 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Mozilla
[2011.10.01 17:26:07 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\MusicNet
[2011.08.18 13:18:31 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\NCH Software
[2012.08.26 16:34:40 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\NCH Swift Sound
[2012.08.31 10:45:22 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Nero
[2012.07.24 16:33:43 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\SendSpace
[2012.08.26 16:29:32 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Skype
[2012.03.24 09:49:33 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\SNS
[2012.11.26 22:55:11 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\SoftGrid Client
[2011.08.09 10:37:16 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\TP
[2012.10.07 14:51:38 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\TuneUp Software
[2012.02.17 17:12:55 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\vlc
[2011.08.09 17:58:20 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\WinRAR

< End of report >

M-K-D-B · 29.11.2012, 20:24

Servus,

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Choose File
Kopiere nun folgendes in die Suchleiste.
Code:
ATTFilter
```
c:\windows\KMService.exe
         
```
und klicke auf Öffnen.
Klicke auf Scan it!.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.

Zitat:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Wiederhole die selben Schritte mit folgenden Dateien.

Code:

ATTFilter

c:\windows\system32\srvany.exe
c:\windows\SysWow64\srvany.exe

GVU Trojaner mit Webcam

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner mit Webcam