Trojaner-Board


Klecks1988 02.03.2012 17:30

Trojan found (Windows 7)

Hello Trojaner-Board community,

I became a new member of the community yesterday. Unfortunately I have caught a few nasty trojans and would be very grateful if you could help me remove them.

I have already run 3 scans with Malwarebytes. In the first/second test 18/15 infected files were found and I had them removed. I then ran the full scan and no further infected file was found.
Does that mean the problem is solved? I look forward to your answers.

The logs are attached.

Scan number 1

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: xxx-PC [Administrator]

Schutz: Aktiviert

02.03.2012 01:47:02
mbam-log-2012-03-02 (01-47-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198189
Laufzeit: 12 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Local\Temp\0.1574218895702636g8j8.exe (Exploit.Drop.4) -> Löschen bei Neustart.
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.1574218895702636g8j8.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Scan number 2

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User:: XXX-PC [Administrator]

Schutz: Aktiviert

02.03.2012 08:09:36
mbam-log-2012-03-02 (08-09-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197753
Laufzeit: 10 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Scan number 3


Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: XXX-PC [limitiert]

Schutz: Aktiviert

02.03.2012 08:24:27
mbam-log-2012-03-02 (08-24-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340985
Laufzeit: 2 Stunde(n), 45 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Best regards, your Klecks

cosinus 02.03.2012 20:08

Is that systematically intended? Quick scans as admin, full scans as a regular user, that will get you nowhere!
Please always run scans, and especially the full scans, with admin rights!
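
The check cosinus asks for above, applied to the Malwarebytes log layout posted in this thread, as an added example (not part of the original posts and not Malwarebytes' own code): a Python parser that reads the `[Administrator]` / `[limitiert]` header field and the per-object outcome, then lists scans run without admin rights and detections that were left in place or are pending a reboot. The function names and finding codes are made up for this example, and the two sample logs are constructed from lines shown in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed samples, abridged from the German Malwarebytes 1.60 logs in this thread.
SCAN_ADMIN_QUICK = r"""User :: xxx-PC [Administrator]
Schutz: Aktiviert
Art des Suchlaufs: Quick-Scan
Infizierte Registrierungsschlüssel: 1
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Dateien: 2
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Local\Temp\0.1574218895702636g8j8.exe (Exploit.Drop.4) -> Löschen bei Neustart.
"""

SCAN_LIMITED_FULL = r"""User :: XXX-PC [limitiert]
Schutz: Aktiviert
Art des Suchlaufs: Vollständiger Suchlauf
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
"""

# "<user> :: <host> [<privilege>]" header line
USER_RE = re.compile(r"^(?P<user>.*?)\s*::\s*(?P<host>\S+)\s*\[(?P<priv>[^\]]+)\]\s*$")
# "Infizierte <section>: <count>" section header
SECTION_RE = re.compile(r"^Infizierte (?P<section>.+): (?P<count>\d+)\s*$")
# "<object> (<detection name>) -> [extra ->] <action>"
HIT_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")


@dataclass
class Scan:
    privilege: str = ""
    scan_type: str = ""
    declared: dict = field(default_factory=dict)  # section -> count from header
    hits: list = field(default_factory=list)      # (section, object, name, action)


def parse_mbam_log(text):
    """Parse one Malwarebytes log into header fields and detection lines."""
    scan, section = Scan(), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m["section"]
            scan.declared[section] = int(m["count"])
        elif section and (m := HIT_RE.match(line)):
            # The action is always the last "->" field; "Daten:" or
            # "Bösartig:/Gut:" details may sit in between.
            action = m["rest"].rsplit(" -> ", 1)[-1]
            scan.hits.append((section, m["obj"], m["name"], action))
        elif m := USER_RE.match(line):
            scan.privilege = m["priv"]
        elif line.startswith("Art des Suchlaufs:"):
            scan.scan_type = line.split(":", 1)[1].strip()
    return scan


def triage(scan):
    """Return (code, detail) findings a helper would raise before trusting the log."""
    findings = []
    if scan.privilege.lower() != "administrator":
        findings.append(("NOT_ADMIN",
                         f"{scan.scan_type or 'scan'} ran as [{scan.privilege}]"))
    # A pasted log that was cut off shows up as a header/line count mismatch.
    for section, count in scan.declared.items():
        parsed = sum(1 for h in scan.hits if h[0] == section)
        if parsed != count:
            findings.append(("COUNT_MISMATCH",
                             f"{section}: header says {count}, log lists {parsed}"))
    for section, obj, name, action in scan.hits:
        if action.startswith("Keine Aktion"):
            findings.append(("NO_ACTION", f"{name}: {obj}"))
        elif "Neustart" in action:
            findings.append(("REBOOT_PENDING", f"{name}: {obj}"))
    return findings


if __name__ == "__main__":
    for label, text in (("scan 1", SCAN_ADMIN_QUICK), ("scan 3", SCAN_LIMITED_FULL)):
        for code, detail in triage(parse_mbam_log(text)):
            print(f"{label}: {code}: {detail}")
```
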

Klecks1988 03.03.2012 20:05

I have now run the thorough scan. Here is the result

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Alexander :: ALEX-PC [Administrator]

Schutz: Deaktiviert

03.03.2012 07:11:13
mbam-log-2012-03-03 (07-11-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342747
Laufzeit: 11 Stunde(n), 59 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

What should I do next? Or am I no longer at risk?

Kind regards, Klecks

cosinus 05.03.2012 12:44

Please run ESET as well, then we'll see where we go from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Klecks1988 08.03.2012 20:13

Hi Arne,

I ran the ESET test as you described.
Here is the result.

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=27f19886ff84fd47874d1eac88f15ad2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-08 10:11:36
# local_time=2012-03-08 11:11:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 34914208 34914208 0 0
# compatibility_mode=5893 16776573 100 94 116389 82802479 0 0
# compatibility_mode=8192 67108863 100 0 195931 195931 0 0
# scanned=696159
# found=2
# cleaned=2
# scan_time=30208
C:\$Recycle.Bin\S-1-5-21-1848404816-2837144999-1178208014-1001\$R4ZF18P.exe        multiple threats (deleted - quarantined)        00000000000000000000000000000000        C
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Adware.Toolbar.Dealio application (deleted - quarantined)        00000000000000000000000000000000        C

Kind regards, Klecks

cosinus 08.03.2012 20:34

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Klecks1988 09.03.2012 01:50

Hello Arne,

attached is the log from the OTL scan.

Kind regards, Klecks

cosinus 09.03.2012 09:28

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
FF - prefs.js..network.proxy.http: "88.198.182.215"
FF - prefs.js..network.proxy.http_port: 3128
IE - HKU\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 78.46.145.213:1080
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.10.06 16:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\Shell - "" = AutoRun
O33 - MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\Shell\AutoRun\command - "" = F:\Install.exe
[2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\pdfforge
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Klecks1988 09.03.2012 16:14

Attached is the log from the last scan. Thank you very much for your help!!!

Code:

All processes killed
========== OTL ==========
Prefs.js: "88.198.182.215" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
HKU\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found.
File move failed. D:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f207aed5-f338-11df-976b-0023125dfba3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f207aed5-f338-11df-976b-0023125dfba3}\ not found.
File F:\Install.exe not found.
C:\Users\xxx\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\xxx\AppData\Roaming\pdfforge folder moved successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: xxx
->Temp folder emptied: 1443176115 bytes
->Temporary Internet Files folder emptied: 86362564 bytes
->Java cache emptied: 5805909 bytes
->FireFox cache emptied: 799074626 bytes
->Flash cache emptied: 1226563 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136525243 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.358,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.1 log created on 03092012_160239

Files\Folders moved on Reboot...
File move failed. D:\Setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 10.03.2012 16:05

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Klecks1988 10.03.2012 16:37

Code:

16:31:57.0331 428616        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
16:31:59.0334 428616        ============================================================
16:31:59.0335 428616        Current date / time: 2012/03/10 16:31:59.0334
16:31:59.0335 428616        SystemInfo:
16:31:59.0335 428616       
16:31:59.0335 428616        OS Version: 6.1.7601 ServicePack: 1.0
16:31:59.0335 428616        Product type: Workstation
16:31:59.0335 428616        ComputerName: xxx-PC
16:31:59.0335 428616        UserName: xxx
16:31:59.0335 428616        Windows directory: C:\Windows
16:31:59.0335 428616        System windows directory: C:\Windows
16:31:59.0335 428616        Processor architecture: Intel x86
16:31:59.0335 428616        Number of processors: 2
16:31:59.0335 428616        Page size: 0x1000
16:31:59.0335 428616        Boot type: Normal boot
16:31:59.0335 428616        ============================================================
16:32:02.0563 428616        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:32:02.0599 428616        \Device\Harddisk0\DR0:
16:32:02.0608 428616        GPT used
16:32:02.0658 428616        \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {ED546C72-DB30-4F0E-A91D-BB2AD22FEA7E}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
16:32:02.0658 428616        \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {CD0B2831-753F-4AF4-8547-FEB222FC1796}, Name: Untitled, StartLBA 0x64028, BlocksNum 0xF000000
16:32:02.0658 428616        \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D90D292A-E574-4C4A-AC7F-B29238165381}, Name: BOOTCAMP, StartLBA 0xF0A4800, BlocksNum 0xE121000
16:32:02.0658 428616        Initialize success
16:32:02.0658 428616        ============================================================
16:33:00.0244 428956        ============================================================
16:33:00.0244 428956        Scan started
16:33:00.0244 428956        Mode: Manual; SigCheck; TDLFS;
16:33:00.0244 428956        ============================================================
16:33:00.0305 428956        1394ohci - ok
16:33:00.0314 428956        ACPI - ok
16:33:00.0318 428956        AcpiPmi - ok
16:33:00.0329 428956        adp94xx - ok
16:33:00.0333 428956        adpahci - ok
16:33:00.0337 428956        adpu320 - ok
16:33:00.0358 428956        AFD - ok
16:33:00.0363 428956        agp440 - ok
16:33:00.0372 428956        aic78xx - ok
16:33:00.0392 428956        aliide - ok
16:33:00.0396 428956        amdagp - ok
16:33:00.0401 428956        amdide - ok
16:33:00.0405 428956        AmdK8 - ok
16:33:00.0409 428956        AmdPPM - ok
16:33:00.0414 428956        amdsata - ok
16:33:00.0419 428956        amdsbs - ok
16:33:00.0423 428956        amdxata - ok
16:33:00.0429 428956        AppID - ok
16:33:00.0467 428956        AppleBtBc - ok
16:33:00.0479 428956        AppleHFS - ok
16:33:00.0484 428956        AppleMNT - ok
16:33:00.0495 428956        applemtm - ok
16:33:00.0500 428956        applemtp - ok
16:33:00.0524 428956        arc - ok
16:33:00.0528 428956        arcsas - ok
16:33:00.0535 428956        AsyncMac - ok
16:33:00.0540 428956        atapi - ok
16:33:00.0637 428956        b06bdrv - ok
16:33:00.0650 428956        b57nd60x - ok
16:33:00.0679 428956        BCM43XX - ok
16:33:00.0688 428956        Beep - ok
16:33:00.0705 428956        blbdrive - ok
16:33:00.0736 428956        bowser - ok
16:33:00.0740 428956        BrFiltLo - ok
16:33:00.0746 428956        BrFiltUp - ok
16:33:00.0752 428956        Brserid - ok
16:33:00.0757 428956        BrSerWdm - ok
16:33:00.0761 428956        BrUsbMdm - ok
16:33:00.0766 428956        BrUsbSer - ok
16:33:00.0770 428956        BthEnum - ok
16:33:00.0775 428956        BTHMODEM - ok
16:33:00.0780 428956        BthPan - ok
16:33:00.0784 428956        BTHPORT - ok
16:33:00.0804 428956        BTHUSB - ok
16:33:00.0814 428956        cdfs - ok
16:33:00.0828 428956        cdrom - ok
16:33:00.0855 428956        circlass - ok
16:33:00.0861 428956        CLFS - ok
16:33:00.0889 428956        CmBatt - ok
16:33:00.0893 428956        cmdide - ok
16:33:00.0897 428956        CNG - ok
16:33:00.0904 428956        Compbatt - ok
16:33:00.0908 428956        CompositeBus - ok
16:33:00.0914 428956        crcdisk - ok
16:33:00.0925 428956        CSC - ok
16:33:00.0942 428956        DfsC - ok
16:33:00.0955 428956        discache - ok
16:33:00.0974 428956        Disk - ok
16:33:01.0024 428956        drmkaud - ok
16:33:01.0048 428956        DrvAgent32 - ok
16:33:01.0053 428956        DXGKrnl - ok
16:33:01.0059 428956        ebdrv - ok
16:33:01.0070 428956        elxstor - ok
16:33:01.0076 428956        ErrDev - ok
16:33:01.0086 428956        exfat - ok
16:33:01.0090 428956        fastfat - ok
16:33:01.0115 428956        fdc - ok
16:33:01.0124 428956        FileInfo - ok
16:33:01.0128 428956        Filetrace - ok
16:33:01.0133 428956        flpydisk - ok
16:33:01.0138 428956        FltMgr - ok
16:33:01.0146 428956        FsDepends - ok
16:33:01.0150 428956        Fs_Rec - ok
16:33:01.0155 428956        fvevol - ok
16:33:01.0180 428956        gagp30kx - ok
16:33:01.0240 428956        GDBehave - ok
16:33:01.0257 428956        GDMnIcpt - ok
16:33:01.0299 428956        GdNetMon - ok
16:33:01.0312 428956        GDPkIcpt - ok
16:33:01.0348 428956        gdwfpcd - ok
16:33:01.0356 428956        GEARAspiWDM - ok
16:33:01.0379 428956        giveio - ok
16:33:01.0388 428956        GRD - ok
16:33:01.0408 428956        grmnusb - ok
16:33:01.0441 428956        hcw85cir - ok
16:33:01.0460 428956        HdAudAddService - ok
16:33:01.0470 428956        HDAudBus - ok
16:33:01.0474 428956        HidBatt - ok
16:33:01.0479 428956        HidBth - ok
16:33:01.0497 428956        HidIr - ok
16:33:01.0507 428956        HidUsb - ok
16:33:01.0545 428956        HookCentre - ok
16:33:01.0557 428956        HpSAMD - ok
16:33:01.0571 428956        HTTP - ok
16:33:01.0580 428956        hwpolicy - ok
16:33:01.0591 428956        i8042prt - ok
16:33:01.0600 428956        iaStorV - ok
16:33:01.0607 428956        iirsp - ok
16:33:01.0640 428956        inpout32 - ok
16:33:01.0656 428956        IntcAzAudAddService - ok
16:33:01.0660 428956        intelide - ok
16:33:01.0664 428956        intelppm - ok
16:33:01.0670 428956        IpFilterDriver - ok
16:33:01.0679 428956        IPMIDRV - ok
16:33:01.0684 428956        IPNAT - ok
16:33:01.0693 428956        IRENUM - ok
16:33:01.0711 428956        IRRemoteFlt - ok
16:33:01.0715 428956        isapnp - ok
16:33:01.0719 428956        iScsiPrt - ok
16:33:01.0741 428956        kbdclass - ok
16:33:01.0751 428956        kbdhid - ok
16:33:01.0755 428956        KeyAgent - ok
16:33:01.0788 428956        KeyMagic - ok
16:33:01.0793 428956        KSecDD - ok
16:33:01.0797 428956        KSecPkg - ok
16:33:01.0851 428956        LHidFilt - ok
16:33:01.0865 428956        lltdio - ok
16:33:01.0877 428956        LMouFilt - ok
16:33:01.0885 428956        LSI_FC - ok
16:33:01.0889 428956        LSI_SAS - ok
16:33:01.0894 428956        LSI_SAS2 - ok
16:33:01.0898 428956        LSI_SCSI - ok
16:33:01.0909 428956        luafv - ok
16:33:01.0918 428956        MacHALDriver - ok
16:33:01.0940 428956        massfilter - ok
16:33:01.0980 428956        MBAMProtector - ok
16:33:01.0998 428956        mdf16 - ok
16:33:02.0002 428956        megasas - ok
16:33:02.0019 428956        MegaSR - ok
16:33:02.0026 428956        Modem - ok
16:33:02.0040 428956        monitor - ok
16:33:02.0054 428956        mouclass - ok
16:33:02.0060 428956        mouhid - ok
16:33:02.0070 428956        mountmgr - ok
16:33:02.0077 428956        mpio - ok
16:33:02.0080 428956        mpsdrv - ok
16:33:02.0086 428956        MRxDAV - ok
16:33:02.0092 428956        mrxsmb - ok
16:33:02.0096 428956        mrxsmb10 - ok
16:33:02.0100 428956        mrxsmb20 - ok
16:33:02.0105 428956        msahci - ok
16:33:02.0108 428956        msdsm - ok
16:33:02.0119 428956        Msfs - ok
16:33:02.0123 428956        mshidkmdf - ok
16:33:02.0128 428956        msisadrv - ok
16:33:02.0146 428956        MSKSSRV - ok
16:33:02.0152 428956        MSPCLOCK - ok
16:33:02.0156 428956        MSPQM - ok
16:33:02.0161 428956        MsRPC - ok
16:33:02.0168 428956        mssmbios - ok
16:33:02.0172 428956        MSTEE - ok
16:33:02.0176 428956        MTConfig - ok
16:33:02.0180 428956        Mup - ok
16:33:02.0185 428956        mvd23 - ok
16:33:02.0192 428956        NativeWifiP - ok
16:33:02.0200 428956        NDIS - ok
16:33:02.0204 428956        NdisCap - ok
16:33:02.0208 428956        NdisTapi - ok
16:33:02.0218 428956        Ndisuio - ok
16:33:02.0223 428956        NdisWan - ok
16:33:02.0227 428956        NDProxy - ok
16:33:02.0237 428956        Netaapl - ok
16:33:02.0243 428956        NetBIOS - ok
16:33:02.0247 428956        NetBT - ok
16:33:02.0280 428956        nfrd960 - ok
16:33:02.0287 428956        Npfs - ok
16:33:02.0312 428956        NRKCTL32 - ok
16:33:02.0318 428956        nsiproxy - ok
16:33:02.0324 428956        Ntfs - ok
16:33:02.0329 428956        Null - ok
16:33:02.0333 428956        NVENETFD - ok
16:33:02.0341 428956        nvlddmkm - ok
16:33:02.0382 428956        NVNET - ok
16:33:02.0396 428956        nvraid - ok
16:33:02.0402 428956        nvsmu - ok
16:33:02.0407 428956        nvstor - ok
16:33:02.0441 428956        nv_agp - ok
16:33:02.0451 428956        ohci1394 - ok
16:33:02.0511 428956        Parport - ok
16:33:02.0517 428956        partmgr - ok
16:33:02.0524 428956        Parvdm - ok
16:33:02.0530 428956        pci - ok
16:33:02.0535 428956        pcidrv - ok
16:33:02.0539 428956        pciide - ok
16:33:02.0543 428956        pcmcia - ok
16:33:02.0548 428956        pcw - ok
16:33:02.0552 428956        PEAUTH - ok
16:33:02.0676 428956        PptpMiniport - ok
16:33:02.0681 428956        Processor - ok
16:33:02.0713 428956        Psched - ok
16:33:02.0728 428956        ql2300 - ok
16:33:02.0733 428956        ql40xx - ok
16:33:02.0740 428956        QWAVEdrv - ok
16:33:02.0746 428956        RasAcd - ok
16:33:02.0751 428956        RasAgileVpn - ok
16:33:02.0758 428956        Rasl2tp - ok
16:33:02.0778 428956        RasPppoe - ok
16:33:02.0783 428956        RasSstp - ok
16:33:02.0787 428956        rdbss - ok
16:33:02.0791 428956        rdpbus - ok
16:33:02.0796 428956        RDPCDD - ok
16:33:02.0802 428956        RDPDR - ok
16:33:02.0807 428956        RDPENCDD - ok
16:33:02.0814 428956        RDPREFMP - ok
16:33:02.0818 428956        RDPWD - ok
16:33:02.0822 428956        rdyboost - ok
16:33:02.0836 428956        RFCOMM - ok
16:33:02.0847 428956        RimUsb - ok
16:33:02.0865 428956        rspndr - ok
16:33:02.0869 428956        s3cap - ok
16:33:02.0875 428956        sbp2port - ok
16:33:02.0882 428956        scfilter - ok
16:33:02.0895 428956        secdrv - ok
16:33:02.0907 428956        Serenum - ok
16:33:02.0911 428956        Serial - ok
16:33:02.0916 428956        sermouse - ok
16:33:02.0927 428956        sffdisk - ok
16:33:02.0933 428956        sffp_mmc - ok
16:33:02.0937 428956        sffp_sd - ok
16:33:02.0941 428956        sfloppy - ok
16:33:02.0952 428956        sisagp - ok
16:33:02.0956 428956        SiSRaid2 - ok
16:33:02.0963 428956        SiSRaid4 - ok
16:33:02.0986 428956        Smb - ok
16:33:03.0029 428956        speedfan - ok
16:33:03.0033 428956        spldr - ok
16:33:03.0046 428956        srv - ok
16:33:03.0050 428956        srv2 - ok
16:33:03.0055 428956        srvnet - ok
16:33:03.0059 428956        sscdbus - ok
16:33:03.0088 428956        sscdmdfl - ok
16:33:03.0093 428956        sscdmdm - ok
16:33:03.0113 428956        StarOpen - ok
16:33:03.0134 428956        stexstor - ok
16:33:03.0153 428956        storflt - ok
16:33:03.0162 428956        storvsc - ok
16:33:03.0167 428956        swenum - ok
16:33:03.0195 428956        Tcpip - ok
16:33:03.0199 428956        TCPIP6 - ok
16:33:03.0206 428956        tcpipreg - ok
16:33:03.0212 428956        TDPIPE - ok
16:33:03.0219 428956        TDTCP - ok
16:33:03.0223 428956        tdx - ok
16:33:03.0229 428956        TermDD - ok
16:33:03.0270 428956        tssecsrv - ok
16:33:03.0292 428956        TsUsbFlt - ok
16:33:03.0303 428956        tunnel - ok
16:33:03.0307 428956        uagp35 - ok
16:33:03.0311 428956        udfs - ok
16:33:03.0323 428956        uliagpkx - ok
16:33:03.0326 428956        umbus - ok
16:33:03.0331 428956        UmPass - ok
16:33:03.0342 428956        USBAAPL - ok
16:33:03.0373 428956        usbaudio - ok
16:33:03.0378 428956        usbccgp - ok
16:33:03.0382 428956        usbcir - ok
16:33:03.0386 428956        usbehci - ok
16:33:03.0394 428956        usbhub - ok
16:33:03.0398 428956        usbohci - ok
16:33:03.0415 428956        usbprint - ok
16:33:03.0432 428956        usbscan - ok
16:33:03.0440 428956        USBSTOR - ok
16:33:03.0449 428956        usbuhci - ok
16:33:03.0457 428956        usbvideo - ok
16:33:03.0476 428956        usb_rndisx - ok
16:33:03.0487 428956        vdrvroot - ok
16:33:03.0497 428956        vga - ok
16:33:03.0501 428956        VgaSave - ok
16:33:03.0505 428956        vhdmp - ok
16:33:03.0513 428956        viaagp - ok
16:33:03.0517 428956        ViaC7 - ok
16:33:03.0530 428956        viaide - ok
16:33:03.0534 428956        vmbus - ok
16:33:03.0538 428956        VMBusHID - ok
16:33:03.0542 428956        volmgr - ok
16:33:03.0547 428956        volmgrx - ok
16:33:03.0551 428956        volsnap - ok
16:33:03.0555 428956        vsmraid - ok
16:33:03.0562 428956        vwifibus - ok
16:33:03.0568 428956        vwififlt - ok
16:33:03.0573 428956        vwifimp - ok
16:33:03.0583 428956        WacomPen - ok
16:33:03.0587 428956        WANARP - ok
16:33:03.0591 428956        Wanarpv6 - ok
16:33:03.0617 428956        Wd - ok
16:33:03.0621 428956        Wdf01000 - ok
16:33:03.0638 428956        WfpLwf - ok
16:33:03.0643 428956        WIMMount - ok
16:33:03.0674 428956        WinUsb - ok
16:33:03.0680 428956        WmiAcpi - ok
16:33:03.0699 428956        ws2ifsl - ok
16:33:03.0713 428956        WudfPf - ok
16:33:03.0717 428956        WUDFRd - ok
16:33:03.0735 428956        ZTEusbmdm6k - ok
16:33:03.0756 428956        ZTEusbnmea - ok
16:33:03.0761 428956        ZTEusbser6k - ok
16:33:03.0809 428956        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:33:03.0974 428956        \Device\Harddisk0\DR0 - ok
16:33:03.0983 428956        Boot (0x1200)  (f00df79ecae519202bdeea2c1431628d) \Device\Harddisk0\DR0\Partition0
16:33:03.0983 428956        \Device\Harddisk0\DR0\Partition0 - ok
16:33:03.0991 428956        Boot (0x1200)  (be06d81fa7b7e864a0249b11a07c1b83) \Device\Harddisk0\DR0\Partition1
16:33:03.0992 428956        \Device\Harddisk0\DR0\Partition1 - ok
16:33:04.0003 428956        Boot (0x1200)  (5836c6d9dade5451c99c3aa2a7366c36) \Device\Harddisk0\DR0\Partition2
16:33:04.0004 428956        \Device\Harddisk0\DR0\Partition2 - ok
16:33:04.0007 428956        ============================================================
16:33:04.0007 428956        Scan finished
16:33:04.0007 428956        ============================================================
16:33:04.0021 428692        Detected object count: 0
16:33:04.0021 428692        Actual detected object count: 0

Nothing found :)

cosinus 10.03.2012 16:49

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Klecks1988 11.03.2012 16:40

Hi Arne,

I have carried out everything. However, I believe the BKA Trojan is still present. I am being asked to make a payment of 100 euros.

How should I proceed now?

Klecks1988 11.03.2012 17:32

OTL scan in safe mode.

OTL Logfile:
Code:

OTL logfile created on: 11.03.2012 17:20:09 - Run 2
OTL by OldTimer - Version 3.2.36.1    Folder = C:\Users\Xxx\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,73 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 71,02% Memory free
5,72 Gb Paging File | 4,97 Gb Available in Paging File | 86,83% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,56 Gb Total Space | 27,95 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS
 
Computer Name: XXX-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Xxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (OracleIRMServiceHost) -- C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe (Oracle Corporation)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe ()
SRV - (GDFwSvc) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (SZDrvSvc) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (Clarus, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVKService) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\Programme\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) --  File not found
DRV - (ZTEusbnmea) --  File not found
DRV - (ZTEusbmdm6k) --  File not found
DRV - (pcidrv) --  File not found
DRV - (NRKCTL32) --  File not found
DRV - (massfilter) --  File not found
DRV - (catchme) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (AppleBtBc) -- C:\Windows\System32\drivers\AppleBtBc.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (mvd23) -- C:\Programme\Clarus\Samsung Drive Manager\mvd23.sys ()
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (mdf16) -- C:\Programme\Clarus\Samsung Drive Manager\mdf16.sys ()
DRV - (applemtp) -- C:\Windows\System32\drivers\applemtp.sys (Apple Inc.)
DRV - (applemtm) -- C:\Windows\System32\drivers\applemtm.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (inpout32) -- C:\Windows\System32\drivers\inpout32.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FF AB 64 2C BB CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.07 18:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 15:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 08:15:16 | 000,000,000 | ---D | M]
 
[2010.06.16 00:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions
[2012.03.08 20:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions
[2012.03.08 20:11:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.22 21:40:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.30 14:29:21 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\vshare@toolbar
[2011.01.26 20:35:46 | 000,001,583 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\searchplugins\web-search.xml
[2012.01.12 20:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.04 16:57:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.10 23:06:54 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2010.06.16 00:48:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.02.18 15:12:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.20 20:34:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.13 09:15:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.13 09:15:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.13 09:15:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.13 09:15:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.13 09:15:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.13 09:15:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.09 16:07:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksaxxxHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 55639 = C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46DDFED6-86B2-4FAE-85D9-CAFFBEAFCEA1}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE968AA3-33BA-4C65-B600-D5EA456BF8B1}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27CDFD0-3662-4EE2-8C47-60EF2B9256DA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.03.05 16:57:06 | 000,000,120 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.11 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\kodak
[2012.03.11 16:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.03.10 19:17:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.10 19:17:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.10 19:17:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.10 19:16:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.10 19:16:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.03.10 19:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.10 19:15:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.03.09 16:02:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.09 01:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.09 01:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.09 01:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.09 01:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.09 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.03.07 02:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.03.05 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2012.03.05 21:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle IRM Desktop
[2012.03.05 21:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.03.05 21:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2012.03.05 21:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.04 16:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.04 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.02 08:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.02 01:52:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Simply Super Software
[2012.03.02 01:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.02 01:45:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2012.03.02 01:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.02 01:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.02 01:45:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.02 01:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.24 10:53:13 | 000,000,000 | R--D | C] -- C:\Users\Xxx\Documents\Scanned Documents
[2012.02.24 10:53:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Fax
[2012.02.22 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2012.02.22 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA
[2012.02.22 00:24:01 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Facebook
[2012.02.18 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\froot
[2012.02.14 20:18:54 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\FUnny bilder
[2012.02.13 21:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.11 17:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.11 17:18:11 | 2195,533,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:12:17 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.11 17:12:17 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.11 17:12:17 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.11 17:12:17 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.11 16:08:34 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.11 16:08:29 | 000,000,500 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.03.11 16:08:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.03.11 14:39:04 | 000,576,446 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.03.11 14:39:04 | 000,037,755 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 00:03:57 | 000,023,081 | ---- | M] () -- C:\Users\Xxx\Desktop\xxx-788975.jpeg
[2012.03.09 16:07:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.03.09 01:11:12 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.04 17:51:13 | 000,311,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.04 16:56:32 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:45:04 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.21 16:45:23 | 000,135,811 | ---- | M] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:25 | 000,045,496 | ---- | M] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:45 | 000,083,102 | ---- | M] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:18:56 | 000,035,355 | ---- | M] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.13 22:14:22 | 1298,727,936 | ---- | M] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.12 15:40:07 | 000,086,289 | ---- | M] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | M] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.11 00:03:55 | 000,023,081 | ---- | C] () -- C:\Users\Xxx\Desktop\xxx-788975.jpeg
[2012.03.10 19:17:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.10 19:17:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.10 19:17:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.10 19:17:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.10 19:17:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.09 01:11:12 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.07 02:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.03.04 16:56:32 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:52:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.02 01:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.02 01:52:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.02 01:52:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.02 01:45:04 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.22 00:24:06 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.02.22 00:24:03 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.02.21 16:45:23 | 000,135,811 | ---- | C] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:23 | 000,045,496 | ---- | C] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:37 | 000,083,102 | ---- | C] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:17:09 | 1298,727,936 | ---- | C] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.13 22:14:48 | 000,035,355 | ---- | C] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.12 15:40:04 | 000,086,289 | ---- | C] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | C] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
[2012.02.08 20:53:41 | 000,009,355 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\Microsoft Excel 97-2003.EML
[2012.02.08 20:53:38 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.06 15:56:00 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.13 19:10:05 | 000,576,446 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.08.15 17:34:40 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2011.06.09 07:31:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.03 11:24:35 | 000,000,000 | ---- | C] () -- C:\Users\Xxx\AppData\Local\{3849004C-4B43-4279-AA42-2985BB089C82}
[2011.04.06 07:53:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.12.09 14:22:35 | 000,004,608 | ---- | C] () -- C:\Users\Xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.04 13:12:01 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.12.04 13:12:01 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.06 01:50:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.10.06 01:50:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.18 12:56:14 | 000,000,017 | ---- | C] () -- C:\Users\Xxx\AppData\Local\resmon.resmoncfg
[2010.07.12 23:01:47 | 000,138,056 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\PnkBstrK.sys
[2010.07.12 23:01:47 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.12 23:01:17 | 000,218,808 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.12 23:01:16 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.07.12 23:01:16 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.06.23 17:14:55 | 000,100,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.06.20 15:38:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.06.20 15:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.06.19 17:37:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.06.16 01:09:08 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.06.07 16:47:34 | 000,258,142 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
 
========== LOP Check ==========
 
[2010.11.22 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoft
[2010.11.22 13:16:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.26 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\EventGhost
[2012.02.18 23:16:30 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\froot
[2010.07.01 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GARMIN
[2010.12.09 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GetRightToGo
[2012.03.04 17:48:34 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\ICQ
[2010.07.17 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Leadertech
[2010.08.19 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Octoshape
[2012.03.05 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2010.11.19 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Program Files
[2010.06.20 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Samsung
[2012.03.02 01:52:20 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2010.08.29 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TS3Client
[2010.07.17 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TuneUp Software
[2011.05.26 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\uICE
[2010.07.16 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Uniblue
[2012.02.07 12:23:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Xerox
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.01.01 23:56:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


P.S. I use Boot Camp, with G Data Internet Security 2012 as firewall and antivirus program. Which additional tools should I get as well? I have had no problems with viruses so far... Unfortunately it has been piling up in the last few weeks.

Klecks1988 11.03.2012 17:44

I have just gone through old posts.

I followed the recommendations described there.
Here are the OTL scans, Extras and normal

Normal:
OTL Logfile:
Code:

OTL logfile created on: 11.03.2012 17:37:32 - Run 2
OTL by OldTimer - Version 3.2.36.1    Folder = C:\Users\Xxx\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,73 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 75,33% Memory free
5,72 Gb Paging File | 5,12 Gb Available in Paging File | 89,44% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,56 Gb Total Space | 27,89 Gb Free Space | 24,77% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS
Drive G: | 596,17 Gb Total Space | 578,74 Gb Free Space | 97,08% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Xxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (OracleIRMServiceHost) -- C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe (Oracle Corporation)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe ()
SRV - (GDFwSvc) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (SZDrvSvc) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (Clarus, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVKService) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\Programme\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) --  File not found
DRV - (ZTEusbnmea) --  File not found
DRV - (ZTEusbmdm6k) --  File not found
DRV - (pcidrv) --  File not found
DRV - (NRKCTL32) --  File not found
DRV - (massfilter) --  File not found
DRV - (catchme) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (AppleBtBc) -- C:\Windows\System32\drivers\AppleBtBc.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (mvd23) -- C:\Programme\Clarus\Samsung Drive Manager\mvd23.sys ()
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (mdf16) -- C:\Programme\Clarus\Samsung Drive Manager\mdf16.sys ()
DRV - (applemtp) -- C:\Windows\System32\drivers\applemtp.sys (Apple Inc.)
DRV - (applemtm) -- C:\Windows\System32\drivers\applemtm.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (inpout32) -- C:\Windows\System32\drivers\inpout32.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FF AB 64 2C BB CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.07 18:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 15:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 08:15:16 | 000,000,000 | ---D | M]
 
[2010.06.16 00:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions
[2012.03.11 17:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions
[2012.03.08 20:11:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.22 21:40:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.30 14:29:21 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\vshare@toolbar
[2011.01.26 20:35:46 | 000,001,583 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\searchplugins\web-search.xml
[2012.01.12 20:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.04 16:57:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.10 23:06:54 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2010.06.16 00:48:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.02.18 15:12:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.20 20:34:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.13 09:15:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.13 09:15:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.13 09:15:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.13 09:15:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.13 09:15:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.13 09:15:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.09 16:07:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksaxxxHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 55639 = C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46DDFED6-86B2-4FAE-85D9-CAFFBEAFCEA1}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE968AA3-33BA-4C65-B600-D5EA456BF8B1}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27CDFD0-3662-4EE2-8C47-60EF2B9256DA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.03.05 16:57:06 | 000,000,120 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.11 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\kodak
[2012.03.11 16:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.03.10 19:17:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.10 19:17:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.10 19:17:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.10 19:16:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.10 19:16:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.03.10 19:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.10 19:15:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.03.09 16:02:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.09 01:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.09 01:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.09 01:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.09 01:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.09 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.03.07 02:36:21 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.03.07 02:36:19 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.03.07 02:36:19 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2012.03.07 02:36:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.03.07 02:36:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.03.07 02:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.03.05 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2012.03.05 21:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle IRM Desktop
[2012.03.05 21:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.03.05 21:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2012.03.05 21:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.04 16:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.04 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.02 08:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.02 01:52:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Simply Super Software
[2012.03.02 01:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.02 01:52:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.02 01:45:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2012.03.02 01:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.02 01:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.02 01:45:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.02 01:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.24 10:53:13 | 000,000,000 | R--D | C] -- C:\Users\Xxx\Documents\Scanned Documents
[2012.02.24 10:53:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Fax
[2012.02.22 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2012.02.22 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA
[2012.02.22 00:24:01 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Facebook
[2012.02.18 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\froot
[2012.02.16 00:17:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.16 00:17:47 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.16 00:17:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.16 00:17:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.16 00:17:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.16 00:17:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.15 12:38:49 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.15 12:22:09 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.02.14 20:18:54 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\FUnny bilder
[2012.02.13 21:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.11 17:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.11 17:18:11 | 2195,533,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:12:17 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.11 17:12:17 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.11 17:12:17 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.11 17:12:17 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.11 16:08:34 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.11 16:08:29 | 000,000,500 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.03.11 16:08:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.03.11 14:39:04 | 000,576,446 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.03.11 14:39:04 | 000,037,755 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 00:03:57 | 000,023,081 | ---- | M] () -- C:\Users\Xxx\Desktop\deutsche bank-788975.jpeg
[2012.03.09 16:07:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.03.09 15:27:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.09 01:11:12 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.04 17:51:13 | 000,311,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.04 16:56:32 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:45:04 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.21 16:45:23 | 000,135,811 | ---- | M] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:25 | 000,045,496 | ---- | M] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:45 | 000,083,102 | ---- | M] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:18:56 | 000,035,355 | ---- | M] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.13 22:14:22 | 1298,727,936 | ---- | M] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.12 15:40:07 | 000,086,289 | ---- | M] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | M] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.11 00:03:55 | 000,023,081 | ---- | C] () -- C:\Users\Xxx\Desktop\deutsche bank-788975.jpeg
[2012.03.10 19:17:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.10 19:17:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.10 19:17:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.10 19:17:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.10 19:17:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.09 01:11:12 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.07 02:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.03.04 16:56:32 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:52:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.02 01:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.02 01:52:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.02 01:52:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.02 01:45:04 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.22 00:24:06 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.02.22 00:24:03 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.02.21 16:45:23 | 000,135,811 | ---- | C] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:23 | 000,045,496 | ---- | C] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:37 | 000,083,102 | ---- | C] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:17:09 | 1298,727,936 | ---- | C] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.13 22:14:48 | 000,035,355 | ---- | C] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.12 15:40:04 | 000,086,289 | ---- | C] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | C] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
[2012.02.08 20:53:41 | 000,009,355 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\Microsoft Excel 97-2003.EML
[2012.02.08 20:53:38 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.06 15:56:00 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.13 19:10:05 | 000,576,446 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.08.15 17:34:40 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2011.06.09 07:31:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.03 11:24:35 | 000,000,000 | ---- | C] () -- C:\Users\Xxx\AppData\Local\{3849004C-4B43-4279-AA42-2985BB089C82}
[2011.04.06 07:53:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.12.09 14:22:35 | 000,004,608 | ---- | C] () -- C:\Users\Xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.04 13:12:01 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.12.04 13:12:01 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.06 01:50:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.10.06 01:50:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.18 12:56:14 | 000,000,017 | ---- | C] () -- C:\Users\Xxx\AppData\Local\resmon.resmoncfg
[2010.07.12 23:01:47 | 000,138,056 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\PnkBstrK.sys
[2010.07.12 23:01:47 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.12 23:01:17 | 000,218,808 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.12 23:01:16 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.07.12 23:01:16 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.06.23 17:14:55 | 000,100,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.06.20 15:38:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.06.20 15:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.06.19 17:37:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.06.16 01:09:08 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.06.07 16:47:34 | 000,258,142 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
 
========== LOP Check ==========
 
[2010.11.22 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoft
[2010.11.22 13:16:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.26 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\EventGhost
[2012.02.18 23:16:30 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\froot
[2010.07.01 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GARMIN
[2010.12.09 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GetRightToGo
[2012.03.04 17:48:34 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\ICQ
[2010.07.17 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Leadertech
[2010.08.19 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Octoshape
[2012.03.05 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2010.11.19 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Program Files
[2010.06.20 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Samsung
[2012.03.02 01:52:20 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2010.08.29 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TS3Client
[2010.07.17 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TuneUp Software
[2011.05.26 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\uICE
[2010.07.16 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Uniblue
[2012.02.07 12:23:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Xerox
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.01.01 23:56:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Extras
OTL Logfile:
Code:

OTL Extras logfile created on: 11.03.2012 17:37:32 - Run 2
OTL by OldTimer - Version 3.2.36.1    Folder = C:\Users\Xxx\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,73 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 75,33% Memory free
5,72 Gb Paging File | 5,12 Gb Available in Paging File | 89,44% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,56 Gb Total Space | 27,89 Gb Free Space | 24,77% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS
Drive G: | 596,17 Gb Total Space | 578,74 Gb Free Space | 97,08% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09D25025-D7A2-47BA-99D4-3147DDD2D4A5}" = Oracle IRM Desktop
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58D335B6-B3C6-4465-AEC3-6442BC323723}" = SharpKeys
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp-Dienste
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM)
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows-Treiberpaket - Intel (e1yexpress) Net  (07/16/2008 9.52.10.0)
"07170A155D5587C8782EABA10E94E4127A86F6E4" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.8.3.10)
"0A8E69CB2299FB82BA54D1D4C0F3B1810146DBAB" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)
"111E266FDD1556398EFC13BE47678F96E8497682" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows-Treiberpaket - Marvell (yukonwlh) Net  (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows-Treiberpaket - Intel (e1qexpress) Net  (08/05/2008 10.3.49.0)
"20CF1F4786CB13A83CD2EC358929609A9B7A205C" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows-Treiberpaket - Intel (E1G60) Net  (01/08/2008 8.3.9.0)
"2E2B6DCC02509BB8D2629A009DE8B5C3055B6779" = Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"44E2556E81BCB991055DD976642491906DD3B8A0" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"4B114013DDC5858DB929CE55F363AB88CDE1F78C" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5405F83664E016638462F8F8C1DAE59D04942778" = Windows-Treiberpaket - Apple Inc. Bluetooth  (11/23/2009 3.0.0.4)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows-Treiberpaket - Intel Net  (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows-Treiberpaket - Intel Net  (07/22/2008 10.3.45.0)
"680D5EED614F3F01A9AD4547E9D81CFE9B0E4902" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (08/16/2010 6.6001.1.26)
"68446A4387EFABF44AE4C69CC9B6F9EDF8F10D7A" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows-Treiberpaket - Intel Net  (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows-Treiberpaket - Intel Net  (08/05/2008 10.3.49.0)
"7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (01/02/2010 6.6001.1.21)
"7-Zip" = 7-Zip 9.20
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows-Treiberpaket - Intel System  (07/20/2007 1.2.76.0)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"950F5FEDF7BEABD19AAE5CEA69570873BE2A99DA" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net  (11/18/2009 8.0.0.258)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows-Treiberpaket - Intel (e1kexpress) Net  (07/22/2008 10.3.45.0)
"9AA5295F27284963423D072C7FC59D57CDE15ACA" = Windows-Treiberpaket - Broadcom (b57nd60x) Net  (05/28/2009 12.2.0.3)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows-Treiberpaket - Intel Net  (06/13/2008 9.52.9.0)
"A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"A7A7D84907D2DCB34930D77C6BA911E3834C1E34" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AEB482706002E9220FBFB86D4A1D24257F71A3D4" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows-Treiberpaket - Intel (e1express) Net  (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"B9491C5C199D7236FCDCB76367922461FADC80C7" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
"BeCyPDFMetaEdit" = BeCyPDFMetaEdit
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"CD6212024668E03491C257CA53617893F2E8E924" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CFC3D985EA69596C8BE0A30313010FCC8CE2C70F" = Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DE32692B1421420518B0CA8EEDD6DF2A494F279F" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"DivX Setup.divx.com" = DivX-Setup
"DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
"DriverAgent.exe" = DriverAgent by eSupport.com
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows-Treiberpaket - Broadcom (BCM43XX) Net  (08/21/2009 5.60.18.8)
"ESET Online Scanner" = ESET Online Scanner v3
"EventGhost_is1" = EventGhost 0.3.7.r1462
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows-Treiberpaket - Apple Inc. System  (08/22/2008 2.1.1.1)
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"F46F6C2CF86ECDFF2CE25B508923B04E2F23F1CE" = Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 2.2.9
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Game Booster_is1" = Game Booster
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MyTomTom" = MyTomTom 3.1.0.530
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pharos" = Pharos
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShapeCollage" = Shape Collage
"sp6" = Logitech SetPoint 6.32
"SpeedFan" = SpeedFan (remove only)
"STANDARDR" = Microsoft Office Standard 2007
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trojan Remover_is1" = Trojan Remover 6.8.3
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.10.2011 17:19:02 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1099479
 
Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1100478
 
Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1100478
 
Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1101492
 
Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1101492
 
Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1102490
 
Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1102490
 
[ OSession Events ]
Error - 27.02.2012 10:42:16 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.02.2012 06:20:17 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 95
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.02.2012 06:21:13 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 47
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.02.2012 12:57:00 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 39
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 04:17:26 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 44
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 09:02:20 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 71
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 09:02:53 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 09:04:14 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 66
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 09:05:21 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 61
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 05.03.2012 07:26:01 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 54271
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

--- --- ---

