Trojaner-Board

Thread: Trojan found (Windows 7), forum section Log-Analyse und Auswertung (https://www.trojaner-board.de/110760-trojaner-gefunden-windows-7-a.html)

Klecks1988 02.03.2012 17:30

Trojan found (Windows 7)
 
Hello Trojaner-Board community,

I have been a new member of the community since yesterday. Unfortunately I have picked up a few nasty Trojans and would be very glad if you could help me remove them.

I have already run 3 scans with Malwarebytes. In the first/second scan 18/15 infected files were found and I had them removed. Afterwards I ran the full scan and no further infected file could be found.
Is the problem therefore solved? I look forward to your answers.

The logs are attached.

Scan number 1

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: xxx-PC [Administrator]

Schutz: Aktiviert

02.03.2012 01:47:02
mbam-log-2012-03-02 (01-47-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198189
Laufzeit: 12 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Local\Temp\0.1574218895702636g8j8.exe (Exploit.Drop.4) -> Löschen bei Neustart.
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.1574218895702636g8j8.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Scan number 2

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User:: XXX-PC [Administrator]

Schutz: Aktiviert

02.03.2012 08:09:36
mbam-log-2012-03-02 (08-09-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197753
Laufzeit: 10 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Scan number 3

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: XXX-PC [limitiert]

Schutz: Aktiviert

02.03.2012 08:24:27
mbam-log-2012-03-02 (08-24-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340985
Laufzeit: 2 Stunde(n), 45 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Best regards, your Klecks
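To turn pasted Malwarebytes logs like the three above into a clear answer (was every detection actually removed, or only found?), here is an added parser; it is not part of the thread and not Malwarebytes' own code. It reads the German Malwarebytes 1.x log layout shown above, checks that each section's declared count matches the number of lines parsed (a mismatch usually means a truncated paste), and lists every detection whose action was "Keine Aktion durchgeführt" (no action taken) or "Löschen bei Neustart" (delete on reboot); the sample log is a constructed, shortened version of scan 1.

```python
import re
from dataclasses import dataclass

# Section header: "Infizierte <Kategorie>: <Anzahl>" (Malwarebytes 1.x, German UI).
SECTION_RE = re.compile(r"^Infizierte (?P<section>.+?): (?P<count>\d+)$")
# Detection line: "<object> (<family>) -> [extra -> ]<action>."
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
NOTHING_FOUND = "(Keine bösartigen Objekte gefunden)"
# Actions that mean the object is still on disk or in the registry.
PENDING_ACTIONS = ("Keine Aktion durchgeführt", "Löschen bei Neustart")


@dataclass
class Detection:
    section: str
    obj: str
    family: str
    action: str

    @property
    def resolved(self) -> bool:
        """True when Malwarebytes reports the object as removed or quarantined."""
        return not self.action.startswith(PENDING_ACTIONS)


def parse_mbam_log(text: str):
    """Return (declared count per section, list of Detection) for one log."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == NOTHING_FOUND:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        if section is None:          # still in the header block
            continue
        m = ITEM_RE.match(line)
        if not m:                    # e.g. "(Ende)"
            continue
        # The action is always the last "->" component; drop the final period.
        action = m.group("rest").split(" -> ")[-1].rstrip(".")
        detections.append(Detection(section, m.group("object"), m.group("family"), action))
    return declared, detections


def summarize(text: str) -> dict:
    """Answer the question the thread asks: is anything left unhandled?"""
    declared, dets = parse_mbam_log(text)
    seen = {}
    for d in dets:
        seen[d.section] = seen.get(d.section, 0) + 1
    mismatch = {s: (n, seen.get(s, 0)) for s, n in declared.items() if n != seen.get(s, 0)}
    return {
        "total": len(dets),
        "unresolved": [d for d in dets if not d.resolved],
        "families": sorted({d.family for d in dets}),
        "count_mismatch": mismatch,
        "clean": not dets,
    }


# Constructed sample: a shortened version of scan 1 from the thread.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.01.07
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 198189

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Local\Temp\0.1574218895702636g8j8.exe (Exploit.Drop.4) -> Löschen bei Neustart.
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.1574218895702636g8j8.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

# Constructed sample of a log with nothing found.
CLEAN_LOG = """Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
"""

if __name__ == "__main__":
    for name, log in (("scan 1 (shortened)", SAMPLE_LOG), ("clean log", CLEAN_LOG)):
        s = summarize(log)
        print(f"{name}: {s['total']} detections, clean={s['clean']}, families={s['families']}")
        for d in s["unresolved"]:
            print(f"  STILL PRESENT [{d.section}] {d.obj} ({d.family}): {d.action}")
        if s["count_mismatch"]:
            print(f"  count mismatch (declared, parsed): {s['count_mismatch']}")
```

Run against the real scan 1 above, the same logic shows that most entries were only detected, not removed, which is why scan 2 was needed.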

cosinus 02.03.2012 20:08

Is that intentional? Quick scans as admin, full scans as a plain user, that can't work!
Please always run scans, and especially the full scans, with admin rights!

Klecks1988 03.03.2012 20:05

I have now run the full scan. Here is the result.

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Alexander :: ALEX-PC [Administrator]

Schutz: Deaktiviert

03.03.2012 07:11:13
mbam-log-2012-03-03 (07-11-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342747
Laufzeit: 11 Stunde(n), 59 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

What should I do next? Or am I no longer at risk?

Kind regards, Klecks

cosinus 05.03.2012 12:44

Please also run ESET, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Klecks1988 08.03.2012 20:13

Hi Arne,

I ran the ESET scan as you described.
Here is the result.

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=27f19886ff84fd47874d1eac88f15ad2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-08 10:11:36
# local_time=2012-03-08 11:11:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 34914208 34914208 0 0
# compatibility_mode=5893 16776573 100 94 116389 82802479 0 0
# compatibility_mode=8192 67108863 100 0 195931 195931 0 0
# scanned=696159
# found=2
# cleaned=2
# scan_time=30208
C:\$Recycle.Bin\S-1-5-21-1848404816-2837144999-1178208014-1001\$R4ZF18P.exe        multiple threats (deleted - quarantined)        00000000000000000000000000000000        C
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Adware.Toolbar.Dealio application (deleted - quarantined)        00000000000000000000000000000000        C

Kind regards, Klecks

cosinus 08.03.2012 20:34

Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it on your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Klecks1988 09.03.2012 01:50

Hello Arne,

attached is the log from the OTL scan.

Kind regards, Klecks

cosinus 09.03.2012 09:28

Do an OTL fix: close all programs that may be open, also disable the antivirus (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied too!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
FF - prefs.js..network.proxy.http: "88.198.182.215"
FF - prefs.js..network.proxy.http_port: 3128
IE - HKU\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 78.46.145.213:1080
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.10.06 16:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\Shell - "" = AutoRun
O33 - MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\Shell\AutoRun\command - "" = F:\Install.exe
[2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\pdfforge
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Commands
[emptytemp]
[resethosts]

Then click on the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
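The fix above removes a proxy that had been silently configured in both Firefox (the network.proxy.http entries in prefs.js) and Internet Explorer (the ProxyServer value under Internet Settings), which routes the browser's traffic through a third-party host. As an added check, not part of the thread and not OTL's own code, the Python below parses a prefs.js excerpt and a WinINet ProxyServer string and reports proxies that point outside loopback, private and link-local ranges; it generalizes the thread's single http entry to all Firefox proxy schemes and to the per-scheme ProxyServer form. The sample inputs are constructed, reusing the two addresses from the fix script above.

```python
import ipaddress
import re

# Firefox keeps its settings in prefs.js as lines of the form user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')


def parse_prefs_js(text: str) -> dict:
    """Parse prefs.js into {name: str | int | bool}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        value = m.group("value").strip()
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        elif value in ("true", "false"):
            value = value == "true"
        elif value.lstrip("-").isdigit():
            value = int(value)
        prefs[m.group("name")] = value
    return prefs


def parse_ie_proxyserver(value: str) -> list:
    """Split a ProxyServer value into (scheme, host, port) tuples.
    Accepts both 'host:port' and 'http=host:port;https=host:port;...'."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # scheme is "" in the single-proxy form
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        entries.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return entries


def is_unexpected_proxy(host: str, allowed_hosts=()) -> bool:
    """Loopback, private and link-local addresses (local web filters, corporate proxies)
    are expected; anything else that is not on the allow-list is reported for review."""
    if host in allowed_hosts:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:            # a hostname: cannot be classified, so flag it
        return True
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)


def check_firefox(prefs: dict, allowed_hosts=()) -> list:
    """Report manual proxies in prefs.js for every scheme Firefox supports."""
    findings = []
    ptype = prefs.get("network.proxy.type")  # 1 = manual proxy configuration
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port")
        if host and is_unexpected_proxy(str(host), allowed_hosts):
            findings.append(f"Firefox network.proxy.{scheme} = {host}:{port} (network.proxy.type={ptype})")
    return findings


def check_ie(proxy_enable, proxy_server: str, allowed_hosts=()) -> list:
    """Report unexpected hosts in the WinINet ProxyServer value."""
    # On a live system both values are read from the per-user key
    # HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyEnable, ProxyServer).
    findings = []
    for scheme, host, port in parse_ie_proxyserver(proxy_server or ""):
        if is_unexpected_proxy(host, allowed_hosts):
            findings.append(f"IE ProxyServer {scheme} = {host}:{port} (ProxyEnable={proxy_enable})")
    return findings


# Constructed prefs.js excerpt; the proxy lines mirror the entries the OTL fix above removed.
SAMPLE_PREFS_JS = '''
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "88.198.182.215");
user_pref("network.proxy.http_port", 3128);
'''
# Constructed registry values: the hijacked one from the thread, and a benign local filter.
SAMPLE_IE_HIJACKED = "78.46.145.213:1080"
SAMPLE_IE_LOCAL = "http=127.0.0.1:8080;https=127.0.0.1:8080"

if __name__ == "__main__":
    for finding in check_firefox(parse_prefs_js(SAMPLE_PREFS_JS)) + check_ie(1, SAMPLE_IE_HIJACKED):
        print("REVIEW:", finding)
    print("local filter findings:", check_ie(1, SAMPLE_IE_LOCAL))
```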

Klecks1988 09.03.2012 16:14

Attached is the log from the last scan. Many thanks for your help!!!

Code:

All processes killed
========== OTL ==========
Prefs.js: "88.198.182.215" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
HKU\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found.
File move failed. D:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f207aed5-f338-11df-976b-0023125dfba3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f207aed5-f338-11df-976b-0023125dfba3}\ not found.
File F:\Install.exe not found.
C:\Users\xxx\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\xxx\AppData\Roaming\pdfforge folder moved successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: xxx
->Temp folder emptied: 1443176115 bytes
->Temporary Internet Files folder emptied: 86362564 bytes
->Java cache emptied: 5805909 bytes
->FireFox cache emptied: 799074626 bytes
->Flash cache emptied: 1226563 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136525243 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.358,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.1 log created on 03092012_160239

Files\Folders moved on Reboot...
File move failed. D:\Setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 10.03.2012 16:05

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the antivirus before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection prevents you from accessing your documents / My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (It may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

Klecks1988 10.03.2012 16:37

Code:

16:31:57.0331 428616        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
16:31:59.0334 428616        ============================================================
16:31:59.0335 428616        Current date / time: 2012/03/10 16:31:59.0334
16:31:59.0335 428616        SystemInfo:
16:31:59.0335 428616       
16:31:59.0335 428616        OS Version: 6.1.7601 ServicePack: 1.0
16:31:59.0335 428616        Product type: Workstation
16:31:59.0335 428616        ComputerName: xxx-PC
16:31:59.0335 428616        UserName: xxx
16:31:59.0335 428616        Windows directory: C:\Windows
16:31:59.0335 428616        System windows directory: C:\Windows
16:31:59.0335 428616        Processor architecture: Intel x86
16:31:59.0335 428616        Number of processors: 2
16:31:59.0335 428616        Page size: 0x1000
16:31:59.0335 428616        Boot type: Normal boot
16:31:59.0335 428616        ============================================================
16:32:02.0563 428616        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:32:02.0599 428616        \Device\Harddisk0\DR0:
16:32:02.0608 428616        GPT used
16:32:02.0658 428616        \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {ED546C72-DB30-4F0E-A91D-BB2AD22FEA7E}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
16:32:02.0658 428616        \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {CD0B2831-753F-4AF4-8547-FEB222FC1796}, Name: Untitled, StartLBA 0x64028, BlocksNum 0xF000000
16:32:02.0658 428616        \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D90D292A-E574-4C4A-AC7F-B29238165381}, Name: BOOTCAMP, StartLBA 0xF0A4800, BlocksNum 0xE121000
16:32:02.0658 428616        Initialize success
16:32:02.0658 428616        ============================================================
16:33:00.0244 428956        ============================================================
16:33:00.0244 428956        Scan started
16:33:00.0244 428956        Mode: Manual; SigCheck; TDLFS;
16:33:00.0244 428956        ============================================================
16:33:00.0305 428956        1394ohci - ok
16:33:00.0314 428956        ACPI - ok
16:33:00.0318 428956        AcpiPmi - ok
16:33:00.0329 428956        adp94xx - ok
16:33:00.0333 428956        adpahci - ok
16:33:00.0337 428956        adpu320 - ok
16:33:00.0358 428956        AFD - ok
16:33:00.0363 428956        agp440 - ok
16:33:00.0372 428956        aic78xx - ok
16:33:00.0392 428956        aliide - ok
16:33:00.0396 428956        amdagp - ok
16:33:00.0401 428956        amdide - ok
16:33:00.0405 428956        AmdK8 - ok
16:33:00.0409 428956        AmdPPM - ok
16:33:00.0414 428956        amdsata - ok
16:33:00.0419 428956        amdsbs - ok
16:33:00.0423 428956        amdxata - ok
16:33:00.0429 428956        AppID - ok
16:33:00.0467 428956        AppleBtBc - ok
16:33:00.0479 428956        AppleHFS - ok
16:33:00.0484 428956        AppleMNT - ok
16:33:00.0495 428956        applemtm - ok
16:33:00.0500 428956        applemtp - ok
16:33:00.0524 428956        arc - ok
16:33:00.0528 428956        arcsas - ok
16:33:00.0535 428956        AsyncMac - ok
16:33:00.0540 428956        atapi - ok
16:33:00.0637 428956        b06bdrv - ok
16:33:00.0650 428956        b57nd60x - ok
16:33:00.0679 428956        BCM43XX - ok
16:33:00.0688 428956        Beep - ok
16:33:00.0705 428956        blbdrive - ok
16:33:00.0736 428956        bowser - ok
16:33:00.0740 428956        BrFiltLo - ok
16:33:00.0746 428956        BrFiltUp - ok
16:33:00.0752 428956        Brserid - ok
16:33:00.0757 428956        BrSerWdm - ok
16:33:00.0761 428956        BrUsbMdm - ok
16:33:00.0766 428956        BrUsbSer - ok
16:33:00.0770 428956        BthEnum - ok
16:33:00.0775 428956        BTHMODEM - ok
16:33:00.0780 428956        BthPan - ok
16:33:00.0784 428956        BTHPORT - ok
16:33:00.0804 428956        BTHUSB - ok
16:33:00.0814 428956        cdfs - ok
16:33:00.0828 428956        cdrom - ok
16:33:00.0855 428956        circlass - ok
16:33:00.0861 428956        CLFS - ok
16:33:00.0889 428956        CmBatt - ok
16:33:00.0893 428956        cmdide - ok
16:33:00.0897 428956        CNG - ok
16:33:00.0904 428956        Compbatt - ok
16:33:00.0908 428956        CompositeBus - ok
16:33:00.0914 428956        crcdisk - ok
16:33:00.0925 428956        CSC - ok
16:33:00.0942 428956        DfsC - ok
16:33:00.0955 428956        discache - ok
16:33:00.0974 428956        Disk - ok
16:33:01.0024 428956        drmkaud - ok
16:33:01.0048 428956        DrvAgent32 - ok
16:33:01.0053 428956        DXGKrnl - ok
16:33:01.0059 428956        ebdrv - ok
16:33:01.0070 428956        elxstor - ok
16:33:01.0076 428956        ErrDev - ok
16:33:01.0086 428956        exfat - ok
16:33:01.0090 428956        fastfat - ok
16:33:01.0115 428956        fdc - ok
16:33:01.0124 428956        FileInfo - ok
16:33:01.0128 428956        Filetrace - ok
16:33:01.0133 428956        flpydisk - ok
16:33:01.0138 428956        FltMgr - ok
16:33:01.0146 428956        FsDepends - ok
16:33:01.0150 428956        Fs_Rec - ok
16:33:01.0155 428956        fvevol - ok
16:33:01.0180 428956        gagp30kx - ok
16:33:01.0240 428956        GDBehave - ok
16:33:01.0257 428956        GDMnIcpt - ok
16:33:01.0299 428956        GdNetMon - ok
16:33:01.0312 428956        GDPkIcpt - ok
16:33:01.0348 428956        gdwfpcd - ok
16:33:01.0356 428956        GEARAspiWDM - ok
16:33:01.0379 428956        giveio - ok
16:33:01.0388 428956        GRD - ok
16:33:01.0408 428956        grmnusb - ok
16:33:01.0441 428956        hcw85cir - ok
16:33:01.0460 428956        HdAudAddService - ok
16:33:01.0470 428956        HDAudBus - ok
16:33:01.0474 428956        HidBatt - ok
16:33:01.0479 428956        HidBth - ok
16:33:01.0497 428956        HidIr - ok
16:33:01.0507 428956        HidUsb - ok
16:33:01.0545 428956        HookCentre - ok
16:33:01.0557 428956        HpSAMD - ok
16:33:01.0571 428956        HTTP - ok
16:33:01.0580 428956        hwpolicy - ok
16:33:01.0591 428956        i8042prt - ok
16:33:01.0600 428956        iaStorV - ok
16:33:01.0607 428956        iirsp - ok
16:33:01.0640 428956        inpout32 - ok
16:33:01.0656 428956        IntcAzAudAddService - ok
16:33:01.0660 428956        intelide - ok
16:33:01.0664 428956        intelppm - ok
16:33:01.0670 428956        IpFilterDriver - ok
16:33:01.0679 428956        IPMIDRV - ok
16:33:01.0684 428956        IPNAT - ok
16:33:01.0693 428956        IRENUM - ok
16:33:01.0711 428956        IRRemoteFlt - ok
16:33:01.0715 428956        isapnp - ok
16:33:01.0719 428956        iScsiPrt - ok
16:33:01.0741 428956        kbdclass - ok
16:33:01.0751 428956        kbdhid - ok
16:33:01.0755 428956        KeyAgent - ok
16:33:01.0788 428956        KeyMagic - ok
16:33:01.0793 428956        KSecDD - ok
16:33:01.0797 428956        KSecPkg - ok
16:33:01.0851 428956        LHidFilt - ok
16:33:01.0865 428956        lltdio - ok
16:33:01.0877 428956        LMouFilt - ok
16:33:01.0885 428956        LSI_FC - ok
16:33:01.0889 428956        LSI_SAS - ok
16:33:01.0894 428956        LSI_SAS2 - ok
16:33:01.0898 428956        LSI_SCSI - ok
16:33:01.0909 428956        luafv - ok
16:33:01.0918 428956        MacHALDriver - ok
16:33:01.0940 428956        massfilter - ok
16:33:01.0980 428956        MBAMProtector - ok
16:33:01.0998 428956        mdf16 - ok
16:33:02.0002 428956        megasas - ok
16:33:02.0019 428956        MegaSR - ok
16:33:02.0026 428956        Modem - ok
16:33:02.0040 428956        monitor - ok
16:33:02.0054 428956        mouclass - ok
16:33:02.0060 428956        mouhid - ok
16:33:02.0070 428956        mountmgr - ok
16:33:02.0077 428956        mpio - ok
16:33:02.0080 428956        mpsdrv - ok
16:33:02.0086 428956        MRxDAV - ok
16:33:02.0092 428956        mrxsmb - ok
16:33:02.0096 428956        mrxsmb10 - ok
16:33:02.0100 428956        mrxsmb20 - ok
16:33:02.0105 428956        msahci - ok
16:33:02.0108 428956        msdsm - ok
16:33:02.0119 428956        Msfs - ok
16:33:02.0123 428956        mshidkmdf - ok
16:33:02.0128 428956        msisadrv - ok
16:33:02.0146 428956        MSKSSRV - ok
16:33:02.0152 428956        MSPCLOCK - ok
16:33:02.0156 428956        MSPQM - ok
16:33:02.0161 428956        MsRPC - ok
16:33:02.0168 428956        mssmbios - ok
16:33:02.0172 428956        MSTEE - ok
16:33:02.0176 428956        MTConfig - ok
16:33:02.0180 428956        Mup - ok
16:33:02.0185 428956        mvd23 - ok
16:33:02.0192 428956        NativeWifiP - ok
16:33:02.0200 428956        NDIS - ok
16:33:02.0204 428956        NdisCap - ok
16:33:02.0208 428956        NdisTapi - ok
16:33:02.0218 428956        Ndisuio - ok
16:33:02.0223 428956        NdisWan - ok
16:33:02.0227 428956        NDProxy - ok
16:33:02.0237 428956        Netaapl - ok
16:33:02.0243 428956        NetBIOS - ok
16:33:02.0247 428956        NetBT - ok
16:33:02.0280 428956        nfrd960 - ok
16:33:02.0287 428956        Npfs - ok
16:33:02.0312 428956        NRKCTL32 - ok
16:33:02.0318 428956        nsiproxy - ok
16:33:02.0324 428956        Ntfs - ok
16:33:02.0329 428956        Null - ok
16:33:02.0333 428956        NVENETFD - ok
16:33:02.0341 428956        nvlddmkm - ok
16:33:02.0382 428956        NVNET - ok
16:33:02.0396 428956        nvraid - ok
16:33:02.0402 428956        nvsmu - ok
16:33:02.0407 428956        nvstor - ok
16:33:02.0441 428956        nv_agp - ok
16:33:02.0451 428956        ohci1394 - ok
16:33:02.0511 428956        Parport - ok
16:33:02.0517 428956        partmgr - ok
16:33:02.0524 428956        Parvdm - ok
16:33:02.0530 428956        pci - ok
16:33:02.0535 428956        pcidrv - ok
16:33:02.0539 428956        pciide - ok
16:33:02.0543 428956        pcmcia - ok
16:33:02.0548 428956        pcw - ok
16:33:02.0552 428956        PEAUTH - ok
16:33:02.0676 428956        PptpMiniport - ok
16:33:02.0681 428956        Processor - ok
16:33:02.0713 428956        Psched - ok
16:33:02.0728 428956        ql2300 - ok
16:33:02.0733 428956        ql40xx - ok
16:33:02.0740 428956        QWAVEdrv - ok
16:33:02.0746 428956        RasAcd - ok
16:33:02.0751 428956        RasAgileVpn - ok
16:33:02.0758 428956        Rasl2tp - ok
16:33:02.0778 428956        RasPppoe - ok
16:33:02.0783 428956        RasSstp - ok
16:33:02.0787 428956        rdbss - ok
16:33:02.0791 428956        rdpbus - ok
16:33:02.0796 428956        RDPCDD - ok
16:33:02.0802 428956        RDPDR - ok
16:33:02.0807 428956        RDPENCDD - ok
16:33:02.0814 428956        RDPREFMP - ok
16:33:02.0818 428956        RDPWD - ok
16:33:02.0822 428956        rdyboost - ok
16:33:02.0836 428956        RFCOMM - ok
16:33:02.0847 428956        RimUsb - ok
16:33:02.0865 428956        rspndr - ok
16:33:02.0869 428956        s3cap - ok
16:33:02.0875 428956        sbp2port - ok
16:33:02.0882 428956        scfilter - ok
16:33:02.0895 428956        secdrv - ok
16:33:02.0907 428956        Serenum - ok
16:33:02.0911 428956        Serial - ok
16:33:02.0916 428956        sermouse - ok
16:33:02.0927 428956        sffdisk - ok
16:33:02.0933 428956        sffp_mmc - ok
16:33:02.0937 428956        sffp_sd - ok
16:33:02.0941 428956        sfloppy - ok
16:33:02.0952 428956        sisagp - ok
16:33:02.0956 428956        SiSRaid2 - ok
16:33:02.0963 428956        SiSRaid4 - ok
16:33:02.0986 428956        Smb - ok
16:33:03.0029 428956        speedfan - ok
16:33:03.0033 428956        spldr - ok
16:33:03.0046 428956        srv - ok
16:33:03.0050 428956        srv2 - ok
16:33:03.0055 428956        srvnet - ok
16:33:03.0059 428956        sscdbus - ok
16:33:03.0088 428956        sscdmdfl - ok
16:33:03.0093 428956        sscdmdm - ok
16:33:03.0113 428956        StarOpen - ok
16:33:03.0134 428956        stexstor - ok
16:33:03.0153 428956        storflt - ok
16:33:03.0162 428956        storvsc - ok
16:33:03.0167 428956        swenum - ok
16:33:03.0195 428956        Tcpip - ok
16:33:03.0199 428956        TCPIP6 - ok
16:33:03.0206 428956        tcpipreg - ok
16:33:03.0212 428956        TDPIPE - ok
16:33:03.0219 428956        TDTCP - ok
16:33:03.0223 428956        tdx - ok
16:33:03.0229 428956        TermDD - ok
16:33:03.0270 428956        tssecsrv - ok
16:33:03.0292 428956        TsUsbFlt - ok
16:33:03.0303 428956        tunnel - ok
16:33:03.0307 428956        uagp35 - ok
16:33:03.0311 428956        udfs - ok
16:33:03.0323 428956        uliagpkx - ok
16:33:03.0326 428956        umbus - ok
16:33:03.0331 428956        UmPass - ok
16:33:03.0342 428956        USBAAPL - ok
16:33:03.0373 428956        usbaudio - ok
16:33:03.0378 428956        usbccgp - ok
16:33:03.0382 428956        usbcir - ok
16:33:03.0386 428956        usbehci - ok
16:33:03.0394 428956        usbhub - ok
16:33:03.0398 428956        usbohci - ok
16:33:03.0415 428956        usbprint - ok
16:33:03.0432 428956        usbscan - ok
16:33:03.0440 428956        USBSTOR - ok
16:33:03.0449 428956        usbuhci - ok
16:33:03.0457 428956        usbvideo - ok
16:33:03.0476 428956        usb_rndisx - ok
16:33:03.0487 428956        vdrvroot - ok
16:33:03.0497 428956        vga - ok
16:33:03.0501 428956        VgaSave - ok
16:33:03.0505 428956        vhdmp - ok
16:33:03.0513 428956        viaagp - ok
16:33:03.0517 428956        ViaC7 - ok
16:33:03.0530 428956        viaide - ok
16:33:03.0534 428956        vmbus - ok
16:33:03.0538 428956        VMBusHID - ok
16:33:03.0542 428956        volmgr - ok
16:33:03.0547 428956        volmgrx - ok
16:33:03.0551 428956        volsnap - ok
16:33:03.0555 428956        vsmraid - ok
16:33:03.0562 428956        vwifibus - ok
16:33:03.0568 428956        vwififlt - ok
16:33:03.0573 428956        vwifimp - ok
16:33:03.0583 428956        WacomPen - ok
16:33:03.0587 428956        WANARP - ok
16:33:03.0591 428956        Wanarpv6 - ok
16:33:03.0617 428956        Wd - ok
16:33:03.0621 428956        Wdf01000 - ok
16:33:03.0638 428956        WfpLwf - ok
16:33:03.0643 428956        WIMMount - ok
16:33:03.0674 428956        WinUsb - ok
16:33:03.0680 428956        WmiAcpi - ok
16:33:03.0699 428956        ws2ifsl - ok
16:33:03.0713 428956        WudfPf - ok
16:33:03.0717 428956        WUDFRd - ok
16:33:03.0735 428956        ZTEusbmdm6k - ok
16:33:03.0756 428956        ZTEusbnmea - ok
16:33:03.0761 428956        ZTEusbser6k - ok
16:33:03.0809 428956        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:33:03.0974 428956        \Device\Harddisk0\DR0 - ok
16:33:03.0983 428956        Boot (0x1200)  (f00df79ecae519202bdeea2c1431628d) \Device\Harddisk0\DR0\Partition0
16:33:03.0983 428956        \Device\Harddisk0\DR0\Partition0 - ok
16:33:03.0991 428956        Boot (0x1200)  (be06d81fa7b7e864a0249b11a07c1b83) \Device\Harddisk0\DR0\Partition1
16:33:03.0992 428956        \Device\Harddisk0\DR0\Partition1 - ok
16:33:04.0003 428956        Boot (0x1200)  (5836c6d9dade5451c99c3aa2a7366c36) \Device\Harddisk0\DR0\Partition2
16:33:04.0004 428956        \Device\Harddisk0\DR0\Partition2 - ok
16:33:04.0007 428956        ============================================================
16:33:04.0007 428956        Scan finished
16:33:04.0007 428956        ============================================================
16:33:04.0021 428692        Detected object count: 0
16:33:04.0021 428692        Actual detected object count: 0

nothing found :)

cosinus 10.03.2012 16:49

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Klecks1988 11.03.2012 16:40

Hi Arne,

I have done everything. However, I believe the BKA trojan is still present. I am being asked to make a payment of 100 euros.

How should I proceed now?

Klecks1988 11.03.2012 17:32

OTL scan in Safe Mode.

OTL logfile:
Code:

OTL logfile created on: 11.03.2012 17:20:09 - Run 2
OTL by OldTimer - Version 3.2.36.1    Folder = C:\Users\Xxx\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,73 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 71,02% Memory free
5,72 Gb Paging File | 4,97 Gb Available in Paging File | 86,83% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,56 Gb Total Space | 27,95 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS
 
Computer Name: XXX-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Xxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (OracleIRMServiceHost) -- C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe (Oracle Corporation)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe ()
SRV - (GDFwSvc) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (SZDrvSvc) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (Clarus, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVKService) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\Programme\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) --  File not found
DRV - (ZTEusbnmea) --  File not found
DRV - (ZTEusbmdm6k) --  File not found
DRV - (pcidrv) --  File not found
DRV - (NRKCTL32) --  File not found
DRV - (massfilter) --  File not found
DRV - (catchme) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (AppleBtBc) -- C:\Windows\System32\drivers\AppleBtBc.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (mvd23) -- C:\Programme\Clarus\Samsung Drive Manager\mvd23.sys ()
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (mdf16) -- C:\Programme\Clarus\Samsung Drive Manager\mdf16.sys ()
DRV - (applemtp) -- C:\Windows\System32\drivers\applemtp.sys (Apple Inc.)
DRV - (applemtm) -- C:\Windows\System32\drivers\applemtm.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (inpout32) -- C:\Windows\System32\drivers\inpout32.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FF AB 64 2C BB CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.07 18:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 15:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 08:15:16 | 000,000,000 | ---D | M]
 
[2010.06.16 00:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions
[2012.03.08 20:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions
[2012.03.08 20:11:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.22 21:40:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.30 14:29:21 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\vshare@toolbar
[2011.01.26 20:35:46 | 000,001,583 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\searchplugins\web-search.xml
[2012.01.12 20:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.04 16:57:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.10 23:06:54 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2010.06.16 00:48:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.02.18 15:12:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.20 20:34:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.13 09:15:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.13 09:15:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.13 09:15:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.13 09:15:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.13 09:15:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.13 09:15:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.09 16:07:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksaxxxHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 55639 = C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46DDFED6-86B2-4FAE-85D9-CAFFBEAFCEA1}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE968AA3-33BA-4C65-B600-D5EA456BF8B1}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27CDFD0-3662-4EE2-8C47-60EF2B9256DA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.03.05 16:57:06 | 000,000,120 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.11 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\kodak
[2012.03.11 16:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.03.10 19:17:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.10 19:17:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.10 19:17:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.10 19:16:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.10 19:16:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.03.10 19:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.10 19:15:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.03.09 16:02:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.09 01:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.09 01:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.09 01:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.09 01:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.09 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.03.07 02:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.03.05 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2012.03.05 21:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle IRM Desktop
[2012.03.05 21:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.03.05 21:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2012.03.05 21:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.04 16:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.04 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.02 08:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.02 01:52:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Simply Super Software
[2012.03.02 01:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.02 01:45:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2012.03.02 01:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.02 01:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.02 01:45:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.02 01:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.24 10:53:13 | 000,000,000 | R--D | C] -- C:\Users\Xxx\Documents\Scanned Documents
[2012.02.24 10:53:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Fax
[2012.02.22 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2012.02.22 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA
[2012.02.22 00:24:01 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Facebook
[2012.02.18 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\froot
[2012.02.14 20:18:54 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\FUnny bilder
[2012.02.13 21:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.11 17:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.11 17:18:11 | 2195,533,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:12:17 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.11 17:12:17 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.11 17:12:17 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.11 17:12:17 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.11 16:08:34 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.11 16:08:29 | 000,000,500 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.03.11 16:08:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.03.11 14:39:04 | 000,576,446 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.03.11 14:39:04 | 000,037,755 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 00:03:57 | 000,023,081 | ---- | M] () -- C:\Users\Xxx\Desktop\xxx-788975.jpeg
[2012.03.09 16:07:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.03.09 01:11:12 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.04 17:51:13 | 000,311,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.04 16:56:32 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:45:04 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.21 16:45:23 | 000,135,811 | ---- | M] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:25 | 000,045,496 | ---- | M] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:45 | 000,083,102 | ---- | M] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:18:56 | 000,035,355 | ---- | M] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.13 22:14:22 | 1298,727,936 | ---- | M] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.12 15:40:07 | 000,086,289 | ---- | M] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | M] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.11 00:03:55 | 000,023,081 | ---- | C] () -- C:\Users\Xxx\Desktop\xxx-788975.jpeg
[2012.03.10 19:17:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.10 19:17:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.10 19:17:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.10 19:17:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.10 19:17:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.09 01:11:12 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.07 02:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.03.04 16:56:32 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:52:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.02 01:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.02 01:52:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.02 01:52:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.02 01:45:04 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.22 00:24:06 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.02.22 00:24:03 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.02.21 16:45:23 | 000,135,811 | ---- | C] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:23 | 000,045,496 | ---- | C] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:37 | 000,083,102 | ---- | C] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:17:09 | 1298,727,936 | ---- | C] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.13 22:14:48 | 000,035,355 | ---- | C] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.12 15:40:04 | 000,086,289 | ---- | C] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | C] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
[2012.02.08 20:53:41 | 000,009,355 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\Microsoft Excel 97-2003.EML
[2012.02.08 20:53:38 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.06 15:56:00 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.13 19:10:05 | 000,576,446 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.08.15 17:34:40 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2011.06.09 07:31:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.03 11:24:35 | 000,000,000 | ---- | C] () -- C:\Users\Xxx\AppData\Local\{3849004C-4B43-4279-AA42-2985BB089C82}
[2011.04.06 07:53:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.12.09 14:22:35 | 000,004,608 | ---- | C] () -- C:\Users\Xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.04 13:12:01 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.12.04 13:12:01 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.06 01:50:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.10.06 01:50:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.18 12:56:14 | 000,000,017 | ---- | C] () -- C:\Users\Xxx\AppData\Local\resmon.resmoncfg
[2010.07.12 23:01:47 | 000,138,056 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\PnkBstrK.sys
[2010.07.12 23:01:47 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.12 23:01:17 | 000,218,808 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.12 23:01:16 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.07.12 23:01:16 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.06.23 17:14:55 | 000,100,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.06.20 15:38:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.06.20 15:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.06.19 17:37:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.06.16 01:09:08 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.06.07 16:47:34 | 000,258,142 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
 
========== LOP Check ==========
 
[2010.11.22 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoft
[2010.11.22 13:16:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.26 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\EventGhost
[2012.02.18 23:16:30 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\froot
[2010.07.01 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GARMIN
[2010.12.09 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GetRightToGo
[2012.03.04 17:48:34 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\ICQ
[2010.07.17 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Leadertech
[2010.08.19 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Octoshape
[2012.03.05 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2010.11.19 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Program Files
[2010.06.20 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Samsung
[2012.03.02 01:52:20 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2010.08.29 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TS3Client
[2010.07.17 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TuneUp Software
[2011.05.26 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\uICE
[2010.07.16 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Uniblue
[2012.02.07 12:23:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Xerox
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.01.01 23:56:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


P.S. I use Boot Camp, with G Data Internet Security 2012 as firewall and antivirus program. Which additional tools should I get? I have had no problems with viruses so far... Unfortunately it has been piling up in the last few weeks.

Klecks1988 11.03.2012 17:44

I have just combed through old posts.

I followed the recommendations described there.
Here are the OTL scans, Extras and normal.

Normal:
OTL Logfile:
Code:

OTL logfile created on: 11.03.2012 17:37:32 - Run 2
OTL by OldTimer - Version 3.2.36.1    Folder = C:\Users\Xxx\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,73 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 75,33% Memory free
5,72 Gb Paging File | 5,12 Gb Available in Paging File | 89,44% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,56 Gb Total Space | 27,89 Gb Free Space | 24,77% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS
Drive G: | 596,17 Gb Total Space | 578,74 Gb Free Space | 97,08% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Xxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (OracleIRMServiceHost) -- C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe (Oracle Corporation)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe ()
SRV - (GDFwSvc) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (SZDrvSvc) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (Clarus, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVKService) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\Programme\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) --  File not found
DRV - (ZTEusbnmea) --  File not found
DRV - (ZTEusbmdm6k) --  File not found
DRV - (pcidrv) --  File not found
DRV - (NRKCTL32) --  File not found
DRV - (massfilter) --  File not found
DRV - (catchme) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (AppleBtBc) -- C:\Windows\System32\drivers\AppleBtBc.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (mvd23) -- C:\Programme\Clarus\Samsung Drive Manager\mvd23.sys ()
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (mdf16) -- C:\Programme\Clarus\Samsung Drive Manager\mdf16.sys ()
DRV - (applemtp) -- C:\Windows\System32\drivers\applemtp.sys (Apple Inc.)
DRV - (applemtm) -- C:\Windows\System32\drivers\applemtm.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (inpout32) -- C:\Windows\System32\drivers\inpout32.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FF AB 64 2C BB CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.07 18:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 15:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 08:15:16 | 000,000,000 | ---D | M]
 
[2010.06.16 00:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions
[2012.03.11 17:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions
[2012.03.08 20:11:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.22 21:40:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.30 14:29:21 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\vshare@toolbar
[2011.01.26 20:35:46 | 000,001,583 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\searchplugins\web-search.xml
[2012.01.12 20:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.04 16:57:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.10 23:06:54 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2010.06.16 00:48:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.02.18 15:12:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.20 20:34:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.13 09:15:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.13 09:15:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.13 09:15:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.13 09:15:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.13 09:15:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.13 09:15:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.09 16:07:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksaxxxHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 55639 = C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46DDFED6-86B2-4FAE-85D9-CAFFBEAFCEA1}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE968AA3-33BA-4C65-B600-D5EA456BF8B1}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27CDFD0-3662-4EE2-8C47-60EF2B9256DA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.03.05 16:57:06 | 000,000,120 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.11 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\kodak
[2012.03.11 16:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.03.10 19:17:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.10 19:17:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.10 19:17:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.10 19:16:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.10 19:16:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.03.10 19:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.10 19:15:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.03.09 16:02:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.09 01:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.09 01:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.09 01:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.09 01:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.09 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.03.07 02:36:21 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.03.07 02:36:19 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.03.07 02:36:19 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2012.03.07 02:36:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.03.07 02:36:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.03.07 02:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.03.05 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2012.03.05 21:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle IRM Desktop
[2012.03.05 21:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.03.05 21:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2012.03.05 21:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.04 16:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.04 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.02 08:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.02 01:52:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Simply Super Software
[2012.03.02 01:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.02 01:52:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.02 01:45:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2012.03.02 01:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.02 01:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.02 01:45:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.02 01:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.24 10:53:13 | 000,000,000 | R--D | C] -- C:\Users\Xxx\Documents\Scanned Documents
[2012.02.24 10:53:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Fax
[2012.02.22 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2012.02.22 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA
[2012.02.22 00:24:01 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Facebook
[2012.02.18 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\froot
[2012.02.16 00:17:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.16 00:17:47 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.16 00:17:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.16 00:17:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.16 00:17:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.16 00:17:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.15 12:38:49 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.15 12:22:09 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.02.14 20:18:54 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\FUnny bilder
[2012.02.13 21:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.11 17:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.11 17:18:11 | 2195,533,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:12:17 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.11 17:12:17 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.11 17:12:17 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.11 17:12:17 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.11 16:08:34 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.11 16:08:29 | 000,000,500 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.03.11 16:08:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.03.11 14:39:04 | 000,576,446 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.03.11 14:39:04 | 000,037,755 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 00:03:57 | 000,023,081 | ---- | M] () -- C:\Users\Xxx\Desktop\deutsche bank-788975.jpeg
[2012.03.09 16:07:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.03.09 15:27:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.09 01:11:12 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.04 17:51:13 | 000,311,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.04 16:56:32 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:45:04 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.21 16:45:23 | 000,135,811 | ---- | M] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:25 | 000,045,496 | ---- | M] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:45 | 000,083,102 | ---- | M] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:18:56 | 000,035,355 | ---- | M] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.13 22:14:22 | 1298,727,936 | ---- | M] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.12 15:40:07 | 000,086,289 | ---- | M] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | M] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.11 00:03:55 | 000,023,081 | ---- | C] () -- C:\Users\Xxx\Desktop\deutsche bank-788975.jpeg
[2012.03.10 19:17:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.10 19:17:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.10 19:17:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.10 19:17:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.10 19:17:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.09 01:11:12 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.07 02:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.03.04 16:56:32 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:52:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.02 01:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.02 01:52:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.02 01:52:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.02 01:45:04 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.22 00:24:06 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.02.22 00:24:03 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.02.21 16:45:23 | 000,135,811 | ---- | C] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:23 | 000,045,496 | ---- | C] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:37 | 000,083,102 | ---- | C] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:17:09 | 1298,727,936 | ---- | C] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.13 22:14:48 | 000,035,355 | ---- | C] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.12 15:40:04 | 000,086,289 | ---- | C] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | C] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
[2012.02.08 20:53:41 | 000,009,355 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\Microsoft Excel 97-2003.EML
[2012.02.08 20:53:38 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.06 15:56:00 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.13 19:10:05 | 000,576,446 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.08.15 17:34:40 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2011.06.09 07:31:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.03 11:24:35 | 000,000,000 | ---- | C] () -- C:\Users\Xxx\AppData\Local\{3849004C-4B43-4279-AA42-2985BB089C82}
[2011.04.06 07:53:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.12.09 14:22:35 | 000,004,608 | ---- | C] () -- C:\Users\Xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.04 13:12:01 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.12.04 13:12:01 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.06 01:50:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.10.06 01:50:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.18 12:56:14 | 000,000,017 | ---- | C] () -- C:\Users\Xxx\AppData\Local\resmon.resmoncfg
[2010.07.12 23:01:47 | 000,138,056 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\PnkBstrK.sys
[2010.07.12 23:01:47 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.12 23:01:17 | 000,218,808 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.12 23:01:16 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.07.12 23:01:16 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.06.23 17:14:55 | 000,100,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.06.20 15:38:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.06.20 15:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.06.19 17:37:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.06.16 01:09:08 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.06.07 16:47:34 | 000,258,142 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
 
========== LOP Check ==========
 
[2010.11.22 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoft
[2010.11.22 13:16:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.26 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\EventGhost
[2012.02.18 23:16:30 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\froot
[2010.07.01 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GARMIN
[2010.12.09 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GetRightToGo
[2012.03.04 17:48:34 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\ICQ
[2010.07.17 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Leadertech
[2010.08.19 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Octoshape
[2012.03.05 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2010.11.19 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Program Files
[2010.06.20 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Samsung
[2012.03.02 01:52:20 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2010.08.29 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TS3Client
[2010.07.17 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TuneUp Software
[2011.05.26 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\uICE
[2010.07.16 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Uniblue
[2012.02.07 12:23:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Xerox
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.01.01 23:56:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
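What a log reader does with the report above is mechanical enough to script: pull apart the OTL file entries, compare the "Shell Spawning" commands in the Extras log against a clean baseline, and read the three FirewallPolicy profiles. The following is an added editor example, not part of the poster's logs and not code from OTL or Trojaner-Board. The EXPECTED_SPAWN baseline is my assumption of what OTL prints for those classes on an untouched Windows 7 install; the lines in SAMPLE are copied from the logs on this page, while CONSTRUCTED_HIJACK (the "updater.exe" path) is a made-up line so the spawn check can be seen firing.

```python
"""Triage helpers for the OTL (OldTimer) log format shown above.
Added editor example: not part of the poster's logs and not OTL's own code.
Parses three line shapes on this page (file listings, "Shell Spawning",
"Firewall Settings") and runs the first checks an analyst applies to them."""
import re

# Regexes written against the lines as OTL prints them on this page.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
SHELL_RE = re.compile(
    r'^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+?)(?: \((?P<company>[^()]*)\))?$')
FW_HEADER_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+)\]$")
FW_VALUE_RE = re.compile(r'^"EnableFirewall" = (?P<val>\d+)$')

# Assumed clean baseline (what OTL prints on an untouched Windows 7 install).
# Anything else, typically a path under the user profile, is the classic
# rogue-AV "exefile" hijack and gets reported.
EXPECTED_SPAWN = {
    ("batfile", "open"): '"%1" %*', ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*', ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S',
}
BINARY_EXT = (".exe", ".dll", ".sys", ".ocx")

def parse_file_entry(line):
    """[date time | size | attrs | C/M] (Company) -- path  ->  dict, or None."""
    m = FILE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))   # "2195,533,824" -> 2195533824
    d["company"] = d["company"] or ""             # "()" means no version info
    d["is_dir"] = d["attr"][3] == "D"             # attrs are the R, H, S, D positions
    return d

def parse_shell_entry(line):
    """class [verb] -- command (Company)  ->  dict, or None."""
    m = SHELL_RE.match(line)
    return m.groupdict() if m else None

def firewall_profiles(lines):
    """Map FirewallPolicy profile name -> EnableFirewall value."""
    profiles, current = {}, None
    for line in lines:
        h = FW_HEADER_RE.match(line)
        if h:
            current = h.group("profile")
            continue
        v = FW_VALUE_RE.match(line)
        if v and current:
            profiles[current] = int(v.group("val"))
    return profiles

def triage(lines):
    """Return human-readable findings for the three checks."""
    findings = []
    for line in lines:
        f = parse_file_entry(line)
        if f:
            low = f["path"].lower()
            # Freshly created binary under %SystemRoot% with no company name in
            # its version info: worth a look, not proof of anything by itself.
            if (f["kind"] == "C" and not f["is_dir"] and not f["company"]
                    and low.startswith("c:\\windows\\") and low.endswith(BINARY_EXT)):
                findings.append(f"no-company binary created in %SystemRoot%: {f['path']} ({f['ts']})")
            continue
        s = parse_shell_entry(line)
        if s and (s["cls"], s["verb"]) in EXPECTED_SPAWN \
                and s["cmd"] != EXPECTED_SPAWN[(s["cls"], s["verb"])]:
            findings.append(f"shell spawning hijack: {s['cls']} [{s['verb']}] -> {s['cmd']}")
    for profile, enabled in sorted(firewall_profiles(lines).items()):
        if enabled == 0:
            findings.append(f"Windows Firewall disabled for {profile}")
    return findings

# Lines copied verbatim from the OTL and Extras logs above.
SAMPLE = r"""
[2012.03.10 19:17:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.10 19:17:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.10 19:17:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.02 01:45:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.07 02:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.03.11 17:18:11 | 2195,533,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.18 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\froot
exefile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
""".strip().splitlines()

# Constructed, hypothetical hijack line (NOT from the log above).
CONSTRUCTED_HIJACK = r'exefile [open] -- "C:\Users\Xxx\AppData\Local\Temp\updater.exe" -a "%1" %*'

if __name__ == "__main__":
    for finding in triage(SAMPLE + [CONSTRUCTED_HIJACK]):
        print(finding)
```

Run against the logs on this page, the three checks come out as follows. The Shell Spawning block is clean: exefile, comfile, batfile, cmdfile, piffile and scrfile all still spawn the bare `"%1" %*` / `"%1" /S` defaults, so no rogue-AV interposition is present. All three FirewallPolicy profiles report `EnableFirewall = 0`; before calling that a finding, note that the uninstall list carries G Data InternetSecurity 2011, whose firewall normally replaces the Windows one, and that the Extras log was taken in Safe Mode with Networking, so the setting should be confirmed from a normal boot. The no-company binaries MBR.exe, PEV.exe, sed.exe, grep.exe and zip.exe in C:\Windows are created in the same minute as C:\ComboFix, C:\Qoobox and the SWREG/SWSC/NIRCMD helpers, i.e. they are ComboFix's own tools dropped by the run recorded in this log, and pdfcmnnt.dll arrives with the PDFCreator install a few lines earlier; the check flags them so the analyst looks, not because they are malicious.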

Extras
OTL Logfile:
Code:

OTL Extras logfile created on: 11.03.2012 17:37:32 - Run 2
OTL by OldTimer - Version 3.2.36.1    Folder = C:\Users\Xxx\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,73 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 75,33% Memory free
5,72 Gb Paging File | 5,12 Gb Available in Paging File | 89,44% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,56 Gb Total Space | 27,89 Gb Free Space | 24,77% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS
Drive G: | 596,17 Gb Total Space | 578,74 Gb Free Space | 97,08% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09D25025-D7A2-47BA-99D4-3147DDD2D4A5}" = Oracle IRM Desktop
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58D335B6-B3C6-4465-AEC3-6442BC323723}" = SharpKeys
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp-Dienste
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM)
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows-Treiberpaket - Intel (e1yexpress) Net  (07/16/2008 9.52.10.0)
"07170A155D5587C8782EABA10E94E4127A86F6E4" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.8.3.10)
"0A8E69CB2299FB82BA54D1D4C0F3B1810146DBAB" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)
"111E266FDD1556398EFC13BE47678F96E8497682" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows-Treiberpaket - Marvell (yukonwlh) Net  (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows-Treiberpaket - Intel (e1qexpress) Net  (08/05/2008 10.3.49.0)
"20CF1F4786CB13A83CD2EC358929609A9B7A205C" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows-Treiberpaket - Intel (E1G60) Net  (01/08/2008 8.3.9.0)
"2E2B6DCC02509BB8D2629A009DE8B5C3055B6779" = Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"44E2556E81BCB991055DD976642491906DD3B8A0" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"4B114013DDC5858DB929CE55F363AB88CDE1F78C" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5405F83664E016638462F8F8C1DAE59D04942778" = Windows-Treiberpaket - Apple Inc. Bluetooth  (11/23/2009 3.0.0.4)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows-Treiberpaket - Intel Net  (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows-Treiberpaket - Intel Net  (07/22/2008 10.3.45.0)
"680D5EED614F3F01A9AD4547E9D81CFE9B0E4902" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (08/16/2010 6.6001.1.26)
"68446A4387EFABF44AE4C69CC9B6F9EDF8F10D7A" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows-Treiberpaket - Intel Net  (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows-Treiberpaket - Intel Net  (08/05/2008 10.3.49.0)
"7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (01/02/2010 6.6001.1.21)
"7-Zip" = 7-Zip 9.20
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows-Treiberpaket - Intel System  (07/20/2007 1.2.76.0)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"950F5FEDF7BEABD19AAE5CEA69570873BE2A99DA" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net  (11/18/2009 8.0.0.258)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows-Treiberpaket - Intel (e1kexpress) Net  (07/22/2008 10.3.45.0)
"9AA5295F27284963423D072C7FC59D57CDE15ACA" = Windows-Treiberpaket - Broadcom (b57nd60x) Net  (05/28/2009 12.2.0.3)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows-Treiberpaket - Intel Net  (06/13/2008 9.52.9.0)
"A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"A7A7D84907D2DCB34930D77C6BA911E3834C1E34" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AEB482706002E9220FBFB86D4A1D24257F71A3D4" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows-Treiberpaket - Intel (e1express) Net  (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"B9491C5C199D7236FCDCB76367922461FADC80C7" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
"BeCyPDFMetaEdit" = BeCyPDFMetaEdit
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"CD6212024668E03491C257CA53617893F2E8E924" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CFC3D985EA69596C8BE0A30313010FCC8CE2C70F" = Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DE32692B1421420518B0CA8EEDD6DF2A494F279F" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"DivX Setup.divx.com" = DivX-Setup
"DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
"DriverAgent.exe" = DriverAgent by eSupport.com
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows-Treiberpaket - Broadcom (BCM43XX) Net  (08/21/2009 5.60.18.8)
"ESET Online Scanner" = ESET Online Scanner v3
"EventGhost_is1" = EventGhost 0.3.7.r1462
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows-Treiberpaket - Apple Inc. System  (08/22/2008 2.1.1.1)
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"F46F6C2CF86ECDFF2CE25B508923B04E2F23F1CE" = Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 2.2.9
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Game Booster_is1" = Game Booster
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MyTomTom" = MyTomTom 3.1.0.530
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pharos" = Pharos
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShapeCollage" = Shape Collage
"sp6" = Logitech SetPoint 6.32
"SpeedFan" = SpeedFan (remove only)
"STANDARDR" = Microsoft Office Standard 2007
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trojan Remover_is1" = Trojan Remover 6.8.3
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.10.2011 17:19:02 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1099479
 
Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1100478
 
Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1100478
 
Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1101492
 
Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1101492
 
Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1102490
 
Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1102490
 
[ OSession Events ]
Error - 27.02.2012 10:42:16 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.02.2012 06:20:17 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 95
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.02.2012 06:21:13 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 47
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.02.2012 12:57:00 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 39
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 04:17:26 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 44
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 09:02:20 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 71
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 09:02:53 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 09:04:14 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 66
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 09:05:21 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 61
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 05.03.2012 07:26:01 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 54271
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

--- --- ---

Klecks1988 11.03.2012 17:49

CCleaner Log Scan

Code:

Log file from the scan via
7-Zip 9.20                08.03.2012
Adobe AIR        Adobe Systems Inc.        01.03.2012                2.5.1.17730
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        01.03.2012        6,00MB        10.1.53.64
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        08.03.2012        6,00MB        11.1.102.63
Adobe Reader 9.5.0 - Deutsch        Adobe Systems Incorporated        30.01.2012        118,3MB        9.5.0
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        01.03.2012                11.5.9.620
Apple Application Support        Apple Inc.        08.03.2012        61,0MB        2.1.7
Apple Mobile Device Support        Apple Inc.        08.03.2012        24,2MB        5.1.1.4
Apple Software Update        Apple Inc.        17.07.2011        2,38MB        2.1.3.127
BeCyPDFMetaEdit        Benjamin Bentmann        01.03.2012                2.37.0
Bonjour        Apple Inc.        19.10.2011        1,02MB        3.0.0.10
Boot Camp-Dienste        Apple Inc.        30.08.2011        193,9MB        3.3.2921
CCleaner        Piriform        10.03.2012                3.16
DivX-Setup        DivX, Inc.        01.03.2012                1.0.2.23
DoremiSoft AVI to MP4 Converter 1.0        DoremiSoft, Inc.        01.03.2012                1.0
Driver Detective        PC Drivers HeadQuarters        17.07.2010        9,95MB        8.0.1
DriverAgent by eSupport.com                01.03.2012               
EA Download Manager UI        Electronic Arts        01.03.2012                6.0.4.10
ESET Online Scanner v3                04.03.2012               
EventGhost 0.3.7.r1462        EventGhost Project        25.06.2010                0.3.7.r1462
EVEREST Home Edition v2.20        Lavalys Inc        01.03.2012                2.20
Facebook Video Calling 1.1.1.1        Skype Limited        21.02.2012        3,93MB        1.1.1
Fraps                01.03.2012               
Free Audio CD Burner version 1.4        DVDVideoSoft Limited.        21.07.2010        8,08MB       
Free Audio Converter version 2.2.9        DVDVideoSoft Limited.        21.11.2010        25,6MB       
Free YouTube Download 2.10        DVDVideoSoft Limited.        21.11.2010        26,1MB       
Free YouTube to MP3 Converter version 3.7        DVDVideoSoft Limited.        21.07.2010        32,0MB       
G Data InternetSecurity 2011        G Data Software AG        28.01.2011        69,7MB        21.0.0.0
Game Booster        IObit        16.07.2010        3,18MB        1.5.0.96
Garmin Training Center        Garmin Ltd or its subsidiaries        30.06.2010        43,6MB        3.4.5
Garmin USB Drivers        Garmin Ltd or its subsidiaries        30.06.2010        0,12MB        2.3.0.0
GMATPrep(TM)        Graduate Management Admission Council ®        02.10.2011                2.3.601.409
Google Earth        Google        24.11.2011        92,7MB        6.1.0.5001
iCloud        Apple Inc.        08.03.2012        24,3MB        1.1.0.40
ICQ 7.2 Build #3129 Banner Remover 1.0        murb.com        16.07.2010        1,02MB       
ICQ7.2        ICQ        16.12.2010                7.2
Intel(R) Programm für Prozessor-IDs        Intel Corporation        16.07.2010        3,97MB        4.22.0000
iTunes        Apple Inc.        08.03.2012        157,4MB        10.6.0.40
Java(TM) 6 Update 27        Oracle        19.09.2011        95,0MB        6.0.270
Logitech SetPoint 6.32        Logitech        01.03.2012        39,1MB        6.32.20
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        01.03.2012        17,3MB        1.60.1.1000
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        01.03.2012        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        01.03.2012        2,94MB        4.0.30319
Microsoft Office File Validation Add-In        Microsoft Corporation        15.09.2011        7,95MB        14.0.5130.5003
Microsoft Office Standard 2007        Microsoft Corporation        07.03.2012                12.0.6612.1000
Microsoft Project Professional 2010        Microsoft Corporation        01.03.2012                14.0.6029.1000
Microsoft Silverlight        Microsoft Corporation        15.02.2012        40,5MB        4.1.10111.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        22.06.2011        0,29MB        8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        18.08.2010        0,20MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        04.05.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        14.08.2010        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        22.06.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        13.11.2011        15,0MB        10.0.40219
MobileMe Control Panel        Apple Inc.        26.10.2011        12,9MB        3.1.8.0
Mozilla Firefox 10.0.2 (x86 de)        Mozilla        01.03.2012        43,0MB        10.0.2
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        20.06.2010        35,00KB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        20.06.2010        1,33MB        4.20.9876.0
MyTomTom 3.1.0.530        TomTom        01.03.2012                3.1.0.530
NVIDIA 3D Vision Treiber 285.62        NVIDIA Corporation        11.11.2011                285.62
NVIDIA Display Control Panel        NVIDIA Corporation        01.03.2012                6.14.12.5721
NVIDIA Drivers        NVIDIA Corporation        01.03.2012        67,5MB        1.10.61.39
NVIDIA Grafiktreiber 285.62        NVIDIA Corporation        11.11.2011                285.62
NVIDIA PhysX-Systemsoftware 9.11.0621        NVIDIA Corporation        11.11.2011                9.11.0621
NVIDIA Update 1.5.20        NVIDIA Corporation        11.11.2011                1.5.20
Octoshape add-in for Adobe Flash Player                07.08.2010               
Octoshape Streaming Services                18.08.2010               
Oracle IRM Desktop        Oracle Corporation        04.03.2012        23,2MB        11.1.54.2
PASW Statistics 18        SPSS Inc.        03.12.2010        600MB        18.0.0
PDFCreator        Frank Heindörfer, Philip Chinery        06.03.2012                1.2.3
pdfsam                19.09.2011                2.2.1
Pharos                01.03.2012               
PunkBuster for Joint Operations: Typhoon Rising                01.03.2012                1.00.0000
PunkBuster Services        Even Balance, Inc.        01.03.2012                0.988
QuickTime        Apple Inc.        26.10.2011        73,3MB        7.71.80.42
RealPlayer        RealNetworks        01.03.2012               
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        09.08.2010                6.0.1.5936
Safari        Apple Inc.        14.12.2011        43,3MB        5.34.52.7
Samsung Drive Manager        Clarus        05.01.2012                1.0.140
SAMSUNG Mobile Composite Device Software                01.03.2012               
SAMSUNG Mobile Modem Driver Set                01.03.2012               
Samsung Mobile phone USB driver Drive Software                01.03.2012               
SAMSUNG Mobile USB Modem 1.0 Software                01.03.2012               
SAMSUNG Mobile USB Modem Software                01.03.2012               
Samsung PC Studio 3        Samsung Electronics Co., Ltd.        19.06.2010                3.2.2.80601
Shape Collage        Shape Collage Inc.        01.03.2012               
SharpKeys        RandyRants.com        02.09.2010        88,00KB        2.1.1000
Skype Click to Call        Skype Technologies S.A.        03.03.2012        14,4MB        5.9.9216
Skype™ 5.8        Skype Technologies S.A.        05.03.2012        19,0MB        5.8.158
SpeedFan (remove only)                01.03.2012               
Steam        Valve Corporation        11.11.2011        35,5MB        1.0.0.0
System Requirements Lab                01.03.2012               
TeamSpeak 3 Client        TeamSpeak Systems GmbH        01.03.2012               
The Elder Scrolls V: Skyrim        Bethesda Game Studios        01.03.2012               
Trojan Remover 6.8.3        Simply Super Software        01.03.2012        16,3MB        6.8.3
Veetle TV 0.9.18        Veetle, Inc        01.03.2012                0.9.18
Visual Studio C++ 10.0 Runtime        TomTom International B.V.        28.01.2012        8,00KB        10.0.0
VLC media player 1.1.4        VideoLAN        01.03.2012                1.1.4
Winamp        Nullsoft, Inc        01.03.2012                5.621
Winamp Erkennungs-Plug-in        Nullsoft, Inc        15.09.2011        75,00KB        1.0.0.1
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)        Garmin        01.03.2012                06/03/2009 2.3.0.0
Windows Media Player Firefox Plugin        Microsoft Corp        15.06.2010        0,29MB        1.0.0.8
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (01/11/2008 3.4.3.18)        Apple Inc.        01.03.2012                01/11/2008 3.4.3.18
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.8.3.10)        Apple Inc.        01.03.2012                02/01/2008 3.8.3.10
Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)        Apple Inc.        01.03.2012                06/27/2007 2.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)        Apple Inc.        01.03.2012                04/27/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)        Apple Inc.        01.03.2012                11/23/2009 3.1.0.1
Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)        Apple Inc.        01.03.2012                10/25/2007 2.0.1.0
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)        Apple Inc.        01.03.2012                01/23/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)        Apple Inc.        01.03.2012                02/21/2008 2.0.4.0
Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)        Apple Inc.        01.03.2012                04/06/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)        Apple Inc.        01.03.2012                05/05/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)        Apple Inc.        01.03.2012                03/25/2009 2.1.2.112
Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)        Apple Inc.        01.03.2012                05/05/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)        Apple Inc.        01.03.2012                09/10/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)        Apple Inc.        01.03.2012                10/05/2010 3.2.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)        Apple Inc.        01.03.2012                03/25/2009 2.1.2.112
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)        Apple Inc.        01.03.2012                05/05/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)        Apple Inc.        01.03.2012                09/10/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)        Apple Inc.        01.03.2012                10/05/2010 3.2.0.1
Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)        Apple Inc.        01.03.2012                01/17/2008 2.0.2.2
Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)        Apple Inc.        01.03.2012                05/17/2010 3.1.0.0
Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)        Apple Inc.        01.03.2012                04/05/2011 3.2.0.8
Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)        Apple Inc.        01.03.2012                07/13/2009 3.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)        Apple Inc.        01.03.2012                07/13/2009 3.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)        Apple Inc.        01.03.2012                06/01/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)        Apple Inc.        01.03.2012                11/30/2009 3.0.0.6
Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)        Apple Inc.        01.03.2012                08/24/2010 3.1.0.7
Windows-Treiberpaket - Apple Inc. Bluetooth  (11/23/2009 3.0.0.4)        Apple Inc.        01.03.2012                11/23/2009 3.0.0.4
Windows-Treiberpaket - Apple Inc. System  (08/22/2008 2.1.1.1)        Apple Inc.        01.03.2012                08/22/2008 2.1.1.1
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net  (11/18/2009 8.0.0.258)        Atheros Communications Inc.        01.03.2012                11/18/2009 8.0.0.258
Windows-Treiberpaket - Broadcom (b57nd60x) Net  (05/28/2009 12.2.0.3)        Broadcom        01.03.2012                05/28/2009 12.2.0.3
Windows-Treiberpaket - Broadcom (BCM43XX) Net  (08/21/2009 5.60.18.8)        Broadcom        01.03.2012                08/21/2009 5.60.18.8
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (01/02/2010 6.6001.1.21)        Cirrus Logic, Inc.        01.03.2012                01/02/2010 6.6001.1.21
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (08/16/2010 6.6001.1.26)        Cirrus Logic, Inc.        01.03.2012                08/16/2010 6.6001.1.26
Windows-Treiberpaket - Intel (e1express) Net  (02/06/2008 9.12.17.0)        Intel        01.03.2012                02/06/2008 9.12.17.0
Windows-Treiberpaket - Intel (E1G60) Net  (01/08/2008 8.3.9.0)        Intel        01.03.2012                01/08/2008 8.3.9.0
Windows-Treiberpaket - Intel (e1kexpress) Net  (07/22/2008 10.3.45.0)        Intel        01.03.2012                07/22/2008 10.3.45.0
Windows-Treiberpaket - Intel (e1qexpress) Net  (08/05/2008 10.3.49.0)        Intel        01.03.2012                08/05/2008 10.3.49.0
Windows-Treiberpaket - Intel (e1yexpress) Net  (07/16/2008 9.52.10.0)        Intel        01.03.2012                07/16/2008 9.52.10.0
Windows-Treiberpaket - Intel Net  (02/06/2008 9.12.18.0)        Intel        01.03.2012                02/06/2008 9.12.18.0
Windows-Treiberpaket - Intel Net  (06/13/2008 9.52.9.0)        Intel        01.03.2012                06/13/2008 9.52.9.0
Windows-Treiberpaket - Intel Net  (07/22/2008 10.3.45.0)        Intel        01.03.2012                07/22/2008 10.3.45.0
Windows-Treiberpaket - Intel Net  (08/05/2008 10.3.49.0)        Intel        01.03.2012                08/05/2008 10.3.49.0
Windows-Treiberpaket - Intel Net  (11/07/2007 8.10.1.0)        Intel        01.03.2012                11/07/2007 8.10.1.0
Windows-Treiberpaket - Intel System  (07/20/2007 1.2.76.0)        Intel        01.03.2012                07/20/2007 1.2.76.0
Windows-Treiberpaket - Marvell (yukonwlh) Net  (03/23/2007 10.12.7.3)        Marvell        01.03.2012                03/23/2007 10.12.7.3
WinRAR                01.03.2012               
Xvid 1.2.2 final uninstall        Xvid team (Koepi)        01.03.2012                1.2

I hope that my approach is correct. Please let me know if I should proceed differently in the future!! Many thanks :)

Klecks1988 11.03.2012 21:09

My Malwarebytes scan log
Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.11.08

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Xxxander :: XXX-PC [Administrator]

Schutz: Deaktiviert

11.03.2012 17:58:33
mbam-log-2012-03-11 (17-58-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328932
Laufzeit: 1 Stunde(n), 10 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|55639 (Spyware.Zeus) -> Daten: C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\Local Settings\Temp\msbufn.cmd (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

SUPERAntiSpyware scan:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/11/2012 at 06:14 PM

Application Version : 5.0.1146

Core Rules Database Version : 8324
Trace Rules Database Version: 6136

Scan type      : Quick Scan
Total Scan Time : 00:23:30

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 505
Memory threats detected  : 0
Registry items scanned    : 27820
Registry threats detected : 0
File items scanned        : 14680
File threats detected    : 3

Adware.Tracking Cookie
        .doubleclick.net [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]


cosinus 12.03.2012 15:14

What is this? Why are you posting logs I did not ask for?? You should ONLY post the CF log for now!

Klecks1988 13.03.2012 07:29

Quote:

Quote from cosinus (post 790405)
What is this? Why are you posting logs I didn't ask for?? For now you should ONLY post the CF log!

Sorry for my wrong approach. Attached is the ComboFix log.

Code:

ComboFix 12-03-10.02 - Xxx 13.03.2012  2:14.2.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2792.1868 [GMT 1:00]
ausgeführt von:: c:\users\Xxx\Downloads\ComboFix.exe
AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Xxx\AppData\Roaming\froot
c:\windows\system32\~.inf
c:\windows\system32\odbcad32.exe
c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-13 bis 2012-03-13  ))))))))))))))))))))))))))))))
.
.
2012-03-13 06:20 . 2012-03-13 06:21        --------        d-----w-        c:\users\Xxx\AppData\Local\temp
2012-03-13 06:20 . 2012-03-13 06:20        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-03-13 06:20 . 2012-03-13 06:20        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-12 20:46 . 2012-03-12 20:56        2512121        ----a-w-        c:\windows\system32\~.tmp
2012-03-11 16:50 . 2012-03-11 16:50        --------        d-----w-        c:\users\Xxx\AppData\Roaming\SUPERAntiSpyware.com
2012-03-11 16:49 . 2012-03-11 16:50        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-03-11 16:49 . 2012-03-11 16:49        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-03-11 16:40 . 2012-03-11 16:40        --------        d-----w-        c:\program files\CCleaner
2012-03-11 15:16 . 2012-03-11 15:17        --------        d-----w-        c:\users\Xxx\AppData\Roaming\kodak
2012-03-11 15:16 . 2012-03-13 03:51        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\offreg.dll
2012-03-11 15:16 . 2012-03-11 15:16        --------        d-----w-        c:\programdata\Local Settings
2012-03-09 15:02 . 2012-03-09 15:02        --------        d-----w-        C:\_OTL
2012-03-09 14:29 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\mpengine.dll
2012-03-09 00:49 . 2012-03-09 00:49        --------        d-----w-        c:\program files\7-Zip
2012-03-09 00:09 . 2012-03-09 00:09        --------        d-----w-        c:\program files\iPod
2012-03-09 00:09 . 2012-03-09 00:11        --------        d-----w-        c:\program files\iTunes
2012-03-07 01:36 . 2001-10-28 16:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll
2012-03-07 01:36 . 1998-06-24 00:00        137000        ----a-w-        c:\windows\system32\MSMAPI32.OCX
2012-03-07 01:36 . 1998-07-06 17:56        125712        ----a-w-        c:\windows\system32\VB6DE.DLL
2012-03-07 01:36 . 1998-07-06 17:55        158208        ----a-w-        c:\windows\system32\MSCMCDE.DLL
2012-03-07 01:36 . 1998-07-06 17:55        64512        ----a-w-        c:\windows\system32\MSCC2DE.DLL
2012-03-07 01:36 . 1998-07-06 00:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL
2012-03-07 01:36 . 2012-03-07 01:36        --------        d-----w-        c:\program files\PDFCreator
2012-03-05 20:48 . 2012-03-05 20:48        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Oracle
2012-03-05 20:35 . 2012-03-05 20:35        --------        d-----w-        c:\program files\Oracle
2012-03-05 20:35 . 2012-03-05 20:35        --------        d-----w-        c:\programdata\Oracle
2012-03-05 20:22 . 2012-03-05 20:22        --------        d-----w-        c:\program files\ESET
2012-03-04 15:56 . 2012-03-04 15:56        --------        d-----w-        c:\program files\Common Files\Skype
2012-03-02 00:52 . 2006-06-19 12:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll
2012-03-02 00:52 . 2006-05-25 14:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll
2012-03-02 00:52 . 2005-08-26 00:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll
2012-03-02 00:52 . 2002-03-06 00:00        75264        ----a-w-        c:\windows\system32\unacev2.dll
2012-03-02 00:52 . 2003-02-02 19:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll
2012-03-02 00:52 . 2012-03-02 07:04        --------        d-----w-        c:\program files\Trojan Remover
2012-03-02 00:52 . 2012-03-02 00:52        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Simply Super Software
2012-03-02 00:52 . 2012-03-02 00:52        --------        d-----w-        c:\programdata\Simply Super Software
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-02 00:45 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-22 17:00 . 2012-02-22 17:00        --------        d-----w-        c:\programdata\Xerox
2012-02-22 17:00 . 2011-06-16 09:24        10240        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\x5print.dll
2012-02-21 23:24 . 2012-02-21 23:24        --------        d-----w-        c:\users\Xxx\AppData\Roaming\NVIDIA
2012-02-21 23:24 . 2012-02-21 23:24        --------        d-----w-        c:\users\Xxx\AppData\Local\Facebook
2012-02-15 11:38 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-15 11:22 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 11:21 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 11:21 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 14:27 . 2011-05-16 10:47        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-06-16 00:01        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-27 22:21 . 2011-12-27 22:21        53248        ----a-r-        c:\users\Xxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-27 22:21 . 2011-12-27 22:21        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-02-18 14:12 . 2011-05-13 08:15        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-08-15 526208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-09 7739936]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-05-11 923144]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
backup=c:\windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52        59240        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50        1144104        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40        1387288        ----a-w-        c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-02-21 23:24        137536        ----atw-        c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IrmBackground.exe]
2011-12-13 14:37        661888        ----a-w-        c:\program files\Oracle\Information Rights Management\Desktop\IrmBackground.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 18:05        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53        460872        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2011-11-14 11:02        435672        ----a-w-        c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44        70936        ----a-w-        c:\users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-09 15:04        7739936        ------w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Drive Manager]
2011-05-26 13:39        5797496        ----a-w-        c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 07:55        17148552        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-12 12:24        1242448        ----a-w-        c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-07 17:40        273528        ----a-w-        c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2012-03-02 00:53        1238800        ----a-w-        c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47        74752        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2010-03-09 99640]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 OracleIRMServiceHost;Oracle IRM Desktop Service Host;c:\program files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe [2011-12-13 219536]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2011-05-26 19456]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-07-17 23456]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2011-09-11 29400]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 NRKCTL32;NRKCTL32; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-11-04 40440]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-11-04 79992]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2011-11-04 54648]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-09-11 30256]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-11-04 41336]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-08-15 194432]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2011-03-04 381448]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2011-10-28 1554184]
S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2010-07-19 11936]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-08-15 15064]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-11-11 12928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-06-27 18944]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-01-31 10880]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-01-31 29824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2011-08-10 1613424]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-09-11 49016]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2010-01-10 16512]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-06-02 26624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [2011-03-11 18288]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [2011-05-19 90944]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mchInjDrv
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
FF - ProfilePath - c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
MSConfigStartUp-UIExec - c:\program files\T-Mobile Internet Manager 03\UIExec.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Xxx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\SecuROM\License information*]
"datasecu"=hex:6d,3a,85,2f,0e,f5,62,31,25,aa,87,9f,79,7a,6d,bf,ac,b7,ea,82,65,
  de,2e,bd,d1,5f,6f,39,cf,11,45,5e,ad,6a,8b,6d,55,8d,9b,4f,ed,1c,db,ab,41,2d,\
"rkeysecu"=hex:c5,98,fb,ac,ba,22,63,a6,7e,ff,8f,18,7d,3d,62,30
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-13  07:25:00
ComboFix-quarantined-files.txt  2012-03-13 06:24
.
Vor Suchlauf: 12 Verzeichnis(se), 28.978.814.976 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32.981.110.784 Bytes frei
.
- - End Of File - - A5F8B2C9A3A013B6726716C6B6EA2D95

Best regards
Klecks

cosinus 13.03.2012 16:59

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

File::
c:\windows\system32\~.tmp

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Klecks1988 13.03.2012 19:34

Hi Arne,

the new ComboFix log. (There was no prompt about restarting.)

ComboFix log file:
Code:

ComboFix 12-03-10.02 - Xxx 13.03.2012  18:41:07.3.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2792.1393 [GMT 1:00]
ausgeführt von:: c:\users\Xxx\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Xxx\Downloads\CFScript.txt
AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\~.tmp"
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-13 bis 2012-03-13  ))))))))))))))))))))))))))))))
.
.
2012-03-13 17:54 . 2012-03-13 17:54        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-03-13 17:54 . 2012-03-13 17:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-13 06:25 . 2012-03-13 17:54        --------        d-----w-        c:\users\Xxx\AppData\Local\temp
2012-03-12 20:46 . 2012-03-12 20:56        2512121        ----a-w-        c:\windows\system32\~.tmp
2012-03-11 16:50 . 2012-03-11 16:50        --------        d-----w-        c:\users\Xxx\AppData\Roaming\SUPERAntiSpyware.com
2012-03-11 16:49 . 2012-03-11 16:50        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-03-11 16:49 . 2012-03-11 16:49        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-03-11 16:40 . 2012-03-11 16:40        --------        d-----w-        c:\program files\CCleaner
2012-03-11 15:16 . 2012-03-11 15:17        --------        d-----w-        c:\users\Xxx\AppData\Roaming\kodak
2012-03-11 15:16 . 2012-03-13 03:51        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\offreg.dll
2012-03-11 15:16 . 2012-03-11 15:16        --------        d-----w-        c:\programdata\Local Settings
2012-03-09 15:02 . 2012-03-09 15:02        --------        d-----w-        C:\_OTL
2012-03-09 14:29 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\mpengine.dll
2012-03-09 00:49 . 2012-03-09 00:49        --------        d-----w-        c:\program files\7-Zip
2012-03-09 00:09 . 2012-03-09 00:09        --------        d-----w-        c:\program files\iPod
2012-03-09 00:09 . 2012-03-09 00:11        --------        d-----w-        c:\program files\iTunes
2012-03-07 01:36 . 2001-10-28 16:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll
2012-03-07 01:36 . 1998-06-24 00:00        137000        ----a-w-        c:\windows\system32\MSMAPI32.OCX
2012-03-07 01:36 . 1998-07-06 17:56        125712        ----a-w-        c:\windows\system32\VB6DE.DLL
2012-03-07 01:36 . 1998-07-06 17:55        158208        ----a-w-        c:\windows\system32\MSCMCDE.DLL
2012-03-07 01:36 . 1998-07-06 17:55        64512        ----a-w-        c:\windows\system32\MSCC2DE.DLL
2012-03-07 01:36 . 1998-07-06 00:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL
2012-03-07 01:36 . 2012-03-07 01:36        --------        d-----w-        c:\program files\PDFCreator
2012-03-05 20:48 . 2012-03-05 20:48        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Oracle
2012-03-05 20:35 . 2012-03-05 20:35        --------        d-----w-        c:\program files\Oracle
2012-03-05 20:35 . 2012-03-05 20:35        --------        d-----w-        c:\programdata\Oracle
2012-03-05 20:22 . 2012-03-05 20:22        --------        d-----w-        c:\program files\ESET
2012-03-04 15:56 . 2012-03-04 15:56        --------        d-----w-        c:\program files\Common Files\Skype
2012-03-02 00:52 . 2006-06-19 12:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll
2012-03-02 00:52 . 2006-05-25 14:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll
2012-03-02 00:52 . 2005-08-26 00:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll
2012-03-02 00:52 . 2002-03-06 00:00        75264        ----a-w-        c:\windows\system32\unacev2.dll
2012-03-02 00:52 . 2003-02-02 19:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll
2012-03-02 00:52 . 2012-03-02 07:04        --------        d-----w-        c:\program files\Trojan Remover
2012-03-02 00:52 . 2012-03-02 00:52        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Simply Super Software
2012-03-02 00:52 . 2012-03-02 00:52        --------        d-----w-        c:\programdata\Simply Super Software
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-02 00:45 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-22 17:00 . 2012-02-22 17:00        --------        d-----w-        c:\programdata\Xerox
2012-02-22 17:00 . 2011-06-16 09:24        10240        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\x5print.dll
2012-02-21 23:24 . 2012-02-21 23:24        --------        d-----w-        c:\users\Xxx\AppData\Roaming\NVIDIA
2012-02-21 23:24 . 2012-02-21 23:24        --------        d-----w-        c:\users\Xxx\AppData\Local\Facebook
2012-02-15 11:38 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-15 11:22 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 11:21 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 11:21 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-15 10:01 . 2012-02-15 10:01        4547944        ----a-w-        c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01        43520        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 14:27 . 2011-05-16 10:47        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-06-16 00:01        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-27 22:21 . 2011-12-27 22:21        53248        ----a-r-        c:\users\Xxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-27 22:21 . 2011-12-27 22:21        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-02-18 14:12 . 2011-05-13 08:15        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-08-15 526208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-09 7739936]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-05-11 923144]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
backup=c:\windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52        59240        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50        1144104        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40        1387288        ----a-w-        c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-02-21 23:24        137536        ----atw-        c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IrmBackground.exe]
2011-12-13 14:37        661888        ----a-w-        c:\program files\Oracle\Information Rights Management\Desktop\IrmBackground.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 18:05        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53        460872        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2011-11-14 11:02        435672        ----a-w-        c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44        70936        ----a-w-        c:\users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-09 15:04        7739936        ------w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Drive Manager]
2011-05-26 13:39        5797496        ----a-w-        c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 07:55        17148552        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-12 12:24        1242448        ----a-w-        c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-07 17:40        273528        ----a-w-        c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2012-03-02 00:53        1238800        ----a-w-        c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47        74752        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2010-03-09 99640]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 OracleIRMServiceHost;Oracle IRM Desktop Service Host;c:\program files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe [2011-12-13 219536]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2011-05-26 19456]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-07-17 23456]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2011-09-11 29400]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 NRKCTL32;NRKCTL32; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-11-04 40440]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-11-04 79992]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2011-11-04 54648]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-09-11 30256]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-11-04 41336]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-08-15 194432]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2011-03-04 381448]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2011-10-28 1554184]
S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2010-07-19 11936]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-08-15 15064]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-11-11 12928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-06-27 18944]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-01-31 10880]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-01-31 29824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2011-08-10 1613424]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-09-11 49016]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2010-01-10 16512]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-06-02 26624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [2011-03-11 18288]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [2011-05-19 90944]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mchInjDrv
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
FF - ProfilePath - c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\SecuROM\License information*]
"datasecu"=hex:6d,3a,85,2f,0e,f5,62,31,25,aa,87,9f,79,7a,6d,bf,ac,b7,ea,82,65,
  de,2e,bd,d1,5f,6f,39,cf,11,45,5e,ad,6a,8b,6d,55,8d,9b,4f,ed,1c,db,ab,41,2d,\
"rkeysecu"=hex:c5,98,fb,ac,ba,22,63,a6,7e,ff,8f,18,7d,3d,62,30
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-13  19:31:25
ComboFix-quarantined-files.txt  2012-03-13 18:31
ComboFix2.txt  2012-03-13 06:25
.
Vor Suchlauf: 16 Verzeichnis(se), 32.989.253.632 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32.932.249.600 Bytes frei
.
- - End Of File - - 00E97E58E6439C771DD9AA353C3FFFDF
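
As an added example for this thread (not part of the post above and not ComboFix's or the forum's own code), here is a small Python triage script for the two ComboFix sections that carry the most weight for a defender: the UAC policy block, where EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 together mean UAC is switched off and any process of an admin user elevates silently, and the service/driver list, where [x] marks a registered service whose binary ComboFix could not find (an orphaned registration left by uninstalled software or by a removed driver, worth cross-checking against the "File not found" entries OSAM prints). The sample input is constructed to mirror the format of the log above and is not the full log; the function names are my own.

```python
"""Triage the two ComboFix sections that matter most for a defender.

Added example for this thread; not ComboFix's or the forum's own code.
It reads the policies\\system block (UAC settings) and the service/driver
lines of the form "R2 name;display;image [date size]" or "... [x]".
"""
import re

# Constructed sample in the shape of the ComboFix log above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NRKCTL32;NRKCTL32; [x]
S0 AppleHFS;AppleHFS; [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-09-11 30256]
"""

# "Name"= 0 (0x0)  ->  name and decimal value
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')
# R2 name;display;image [info]  ->  info is "date size" or "x" when the file is missing
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)


def parse_uac_policies(text):
    """Return {value name: int} from the policies\\system block, {} if absent."""
    values, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("["):
            in_block = line.lower().endswith(r"\policies\system]")
        elif line.strip() == ".":
            in_block = False  # ComboFix closes every block with a lone "."
        elif in_block:
            m = POLICY_RE.match(line)
            if m:
                values[m.group("name")] = int(m.group("value"))
    return values


def uac_findings(policies):
    """Human-readable findings for the UAC values ComboFix prints."""
    findings = []
    if policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is switched off entirely")
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: admin elevation happens silently, no prompt")
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not shown on the secure desktop")
    return findings


def parse_services(text):
    """Parse the R*/S* service and driver lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            entries.append({
                "start": m.group("start"),
                "name": m.group("name"),
                "image": m.group("image").strip(),
                "file_missing": m.group("info").strip() == "x",
            })
    return entries


def missing_image_services(text):
    """Names of services/drivers whose registered binary ComboFix could not find ([x])."""
    return [e["name"] for e in parse_services(text) if e["file_missing"]]


def triage(text):
    """Combine both checks into one report dict."""
    return {
        "uac": uac_findings(parse_uac_policies(text)),
        "missing_images": missing_image_services(text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("  -", item)
```

Run against the constructed sample, the script reports all three UAC weaknesses and lists massfilter, NRKCTL32 and AppleHFS as registrations without a binary; an orphaned [x] entry is not itself malicious, but each one should be traceable to known software before the system is declared clean.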

--- --- ---

cosinus 13.03.2012 20:09

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Klecks1988 13.03.2012 22:47

Attached are the GMER and OSAM logs:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:45:54 on 13.03.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job" - "Facebook Inc." - C:\Users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job" - "Facebook Inc." - C:\Users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"IrmControlPanel" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmControlPanel.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AppleHFS" (AppleHFS) - "Apple Inc." - C:\Windows\system32\drivers\AppleHFS.sys
"AppleMNT" (AppleMNT) - "Apple Inc." - C:\Windows\system32\drivers\AppleMNT.sys
"catchme" (catchme) - ? - C:\Users\XXXAN~1\AppData\Local\Temp\catchme.sys  (File not found)
"DrvAgent32" (DrvAgent32) - "Phoenix Technologies" - C:\Windows\system32\Drivers\DrvAgent32.sys
"G Data Network Monitor" (GdNetMon) - "G Data Software AG" - C:\Windows\system32\drivers\GdNetMon32.sys
"G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\Windows\system32\drivers\GRD.sys
"G DATA WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd32.sys
"GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys
"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"inpout32" (inpout32) - "Highresolution Enterprises [www.highrez.co.uk]" - C:\Windows\System32\Drivers\inpout32.sys
"KeyAgent" (KeyAgent) - "Apple Inc." - C:\Windows\system32\drivers\KeyAgent.sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LMouFilt.Sys
"Mac HAL" (MacHALDriver) - "Apple Inc." - C:\Windows\system32\drivers\MacHALDriver.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"mdf16" (mdf16) - ? - C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys
"mvd23" (mvd23) - ? - C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys
"NRKCTL32" (NRKCTL32) - ? - C:\Windows\system32\drivers\NRKCTL32.sys  (File not found)
"pcidrv" (pcidrv) - ? - C:\Program Files\uICE\devices\pcidrv.sys  (File not found)
"pwldrpod" (pwldrpod) - ? - C:\Users\XXXAN~1\AppData\Local\Temp\pwldrpod.sys  (Hidden registry entry, rootkit activity | File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"ZTE Diagnostic Port" (ZTEusbser6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbser6k.sys  (File not found)
"ZTE Mass Storage Filter Driver" (massfilter) - ? - C:\Windows\System32\drivers\massfilter.sys  (File not found)
"ZTE NMEA Port" (ZTEusbnmea) - ? - C:\Windows\System32\DRIVERS\ZTEusbnmea.sys  (File not found)
"ZTE Proprietary USB Driver" (ZTEusbmdm6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{63EB391D-1797-461B-93C7-54D56FBC86FE} "OracleIRM.SearchShellExt" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmSearchWin2k.dll
{EFC1EE96-E077-4F9D-8AB2-531083179789} "OracleIRM.ShellExtension.ColumnExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{E97DEC16-A50D-49bb-AE24-CF682282E08D} "OpenGLShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll
{63EB391D-1797-461B-93C7-54D56FBC86FE} "OracleIRM.SearchShellExt" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmSearchWin2k.dll
{EFC1EE96-E077-4F9D-8AB2-531083179789} "OracleIRM.ShellExtension.ColumnExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{68751EAA-C2BD-4319-A9E1-58D40ACFA03C} "OracleIRM.ShellExtension.InfotipExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{1E98CD8D-6AE0-47E1-99F7-B6BD24E61AAA} "OracleIRM.ShellExtension.PropertySheetExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{237013E6-C476-4D56-ABB6-40FC3412A78D} "OracleIRM.ShellExtension.ShortcutMenuExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Xxx Roshal" - C:\Program Files\WinRAR\rarext.dll
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MobileDocuments" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Apple_KbdMgr" - "Apple Inc." - C:\Program Files\Boot Camp\Bootcamp.exe
"G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
"GDFirewallTray" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Pharos Systems Popup Port Monitor" - "Pharos Systems International" - C:\Windows\system32\PSR38A0E.DLL
"SealPrintMonitor" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Apple OS Switch Manager" (AppleOSSMgr) - ? - C:\Windows\system32\AppleOSSMgr.exe
"Apple-Time-Server" (AppleTimeSrv) - "Apple Inc." - C:\Windows\system32\AppleTimeSrv.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
"G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
"G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
"G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Oracle IRM Desktop Service Host" (OracleIRMServiceHost) - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe
"Pharos Systems ComTaskMaster" (Pharos Systems ComTaskMaster) - "Pharos Systems International" - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Samsung Drive Manager Service" (SZDrvSvc) - "Clarus, Inc." - C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-13 22:44:33
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9SA02 rev.FBEAC50F
Running: ub69lq4x.exe; Driver: C:\Users\XXXAN~1\AppData\Local\Temp\pwldrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                                          83290369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                832C9D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              System32\drivers\awjqyoqt.sys                                                                                                          Das System kann den angegebenen Pfad nicht finden. !
PAGE            peauth.sys                                                                                                                            9D61EB9B 9 Bytes  JMP B9BDA47F
?              C:\Windows\system32\Drivers\mchInjDrv.sys                                                                                              Das System kann die angegebene Datei nicht finden. !
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                            Das System kann die angegebene Datei nicht finden. !
?              C:\Users\XXXAN~1\AppData\Local\Temp\catchme.sys                                                                                      Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtClose                                                                                771D54C8 5 Bytes  JMP 020586E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtMapViewOfSection                                                                    771D5C28 5 Bytes  JMP 0205B280 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtQueryDirectoryFile                                                                  771D5F98 5 Bytes  JMP 02056550 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CopyFileW                                                                          76AF6AF7 5 Bytes  JMP 02059A80 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetPrivateProfileIntW                                                              76AF7ACD 5 Bytes  JMP 02059070 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FlushFileBuffers                                                                    76AF84E7 5 Bytes  JMP 02058D30 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetFileTime                                                                        76AFC3E2 5 Bytes  JMP 02059630 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetPrivateProfileIntA                                                              76AFDFE8 5 Bytes  JMP 02058FB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_hread                                                                              76AFFAB0 5 Bytes  JMP 0205A630 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_llseek                                                                            76AFFADE 5 Bytes  JMP 0205A750 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileSize                                                                        76B00823 5 Bytes  JMP 02058EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileMappingW                                                                  76B0120C 5 Bytes  JMP 0205AEA0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DeleteFileW                                                                        76B016EF 5 Bytes  JMP 0205A520 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileTime                                                                        76B016FC 5 Bytes  JMP 02059530 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetEndOfFile                                                                        76B02BA5 5 Bytes  JMP 02059260 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesExW                                                                76B0307E 5 Bytes  JMP 02059450 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DeleteFileA                                                                        76B04382 5 Bytes  JMP 0205A410 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileExW                                                                        76B08DB0 5 Bytes  JMP 0205A0E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileSizeEx                                                                      76B099B1 5 Bytes  JMP 02059190 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindNextFileW                                                                      76B09B4E 5 Bytes  JMP 0205ABB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!ReadFile                                                                            76B09B66 5 Bytes  JMP 02058860 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindNextFileA                                                                      76B0A611 5 Bytes  JMP 0205AB50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileA                                                                      76B0BF53 5 Bytes  JMP 0205A7D0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DuplicateHandle                                                                    76B0D888 5 Bytes  JMP 0205AD50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileW                                                                        76B0E8A5 5 Bytes  JMP 020582A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileA                                                                        76B0EA61 5 Bytes  JMP 02057EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetFilePointer                                                                      76B1060D 5 Bytes  JMP 02058D90 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileW                                                                      76B1404C 5 Bytes  JMP 0205A900 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesW                                                                  76B14C14 5 Bytes  JMP 020593E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindClose                                                                          76B14C24 5 Bytes  JMP 0205AAF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!OpenFileMappingW                                                                    76B150EA 5 Bytes  JMP 0205B160 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!WriteFile                                                                          76B153EE 5 Bytes  JMP 02058AF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileType                                                                        76B16AB4 5 Bytes  JMP 02059730 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileExW                                                                    76B16BD6 5 Bytes  JMP 0205A9F0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesA                                                                  76B16C06 5 Bytes  JMP 02059370 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!ReplaceFile                                                                        76B21708 5 Bytes  JMP 0205A310 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CopyFileA                                                                          76B26D5A 5 Bytes  JMP 020598A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileW                                                                          76B26ED6 5 Bytes  JMP 02059E90 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!UnlockFile                                                                          76B27B2B 5 Bytes  JMP 02059820 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!LockFile                                                                            76B27B43 5 Bytes  JMP 020597A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetShortPathNameA                                                                  76B29CEE 5 Bytes  JMP 0205AC10 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileA                                                                          76B4BF49 5 Bytes  JMP 02059C60 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_hwrite                                                                            76B4D505 5 Bytes  JMP 0205A6C0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetDCEx                                                                              757A2D57 5 Bytes  JMP 02056AD0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetWindowDC                                                                          757A4AB7 5 Bytes  JMP 02056B40 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!ReleaseDC                                                                            757A5421 3 Bytes  JMP 02057180 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!ReleaseDC + 4                                                                        757A5425 1 Byte  [8C]
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetDC                                                                                757A544C 5 Bytes  JMP 02056A60 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!PrintWindow                                                                          757F4D87 5 Bytes  JMP 02057340 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!DeleteDC                                                                              75866EAA 5 Bytes  JMP 02057200 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!BitBlt                                                                                758672C0 5 Bytes  JMP 02056BB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetPixel                                                                              7586C3D5 5 Bytes  JMP 02056D50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CreateDCA                                                                              7586CCA9 5 Bytes  JMP 020566A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CreateDCW                                                                              7586CF79 5 Bytes  JMP 02056880 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StretchBlt                                                                            7586F467 5 Bytes  JMP 02056FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetMetaFileW                                                                          75871260 5 Bytes  JMP 02057860 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetEnhMetaFileW                                                                        75871341 5 Bytes  JMP 02057980 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyMetaFileW                                                                          7587456F 5 Bytes  JMP 02057AA0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetMetaFileA                                                                          75893CD5 5 Bytes  JMP 02057400 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyMetaFileA                                                                          758947C6 5 Bytes  JMP 02057640 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StartDocW                                                                              75895BB0 5 Bytes  JMP 0205D440 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StartDocA                                                                              758960E1 5 Bytes  JMP 0205D360 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyEnhMetaFileW                                                                      7589D651 5 Bytes  JMP 02057CB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetEnhMetaFileA                                                                        7589D758 5 Bytes  JMP 02057520 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] ole32.dll!CoInitializeEx                                                                        756609AD 5 Bytes  JMP 0205D690 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] ole32.dll!DoDragDrop                                                                            7572A827 5 Bytes  JMP 0205B370 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!SetWindowLongA                                                  75798BA3 5 Bytes  JMP 5C1701A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!SetWindowLongW                                                  757A4449 5 Bytes  JMP 5C170135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!GetWindowInfo                                                  757A4B5E 5 Bytes  JMP 5BF00924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!TrackPopupMenu                                                  757B2228 5 Bytes  JMP 5BF00ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[6788] ntdll.dll!LdrLoadDll                                                                771F223E 5 Bytes  JMP 5BD85B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[6788] USER32.dll!GetWindowInfo                                                            757A4B5E 5 Bytes  JMP 5BF0802D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000058                                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000085                                                                                                        bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000087                                                                                                        bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0023125dfba3                                                           
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0023125dfba3 (not active ControlSet)                                       

---- Files - GMER 1.0.15 ----

File            C:\Users\Xxx\AppData\Local\temp\fla45F5.tmp                                                                                      7063172 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e                          0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e\d3d10warp.dll            1170944 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229                          0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229\d3d10warp.dll            1170944 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntkrnlpa.exe                  3957616 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntoskrnl.exe                  3902320 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225\rdpwd.sys        177152 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692\rdpwd.sys        178176 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c\rdpwd.sys        183808 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495\rdpwd.sys        183808 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpcorekmts.dll  129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpwsx.dll        57856 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpcorekmts.dll  129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpwsx.dll        57856 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpcorekmts.dll  129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpwsx.dll        58880 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpcorekmts.dll  129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpwsx.dll        58880 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6                                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6\win32k.sys                        2341376 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1\DWrite.dll                  1074176 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5                                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5\win32k.sys                        2350592 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c\DWrite.dll                  1077248 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61\DWrite.dll                  1077248 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693\DWrite.dll                  1077248 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntkrnlpa.exe                  3971440 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntoskrnl.exe                  3915632 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4\rdpdd.dll        152064 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe                  3968368 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe                  3913584 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe                  3971440 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe                  3916656 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211                                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211\win32k.sys                        2343424 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a                                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a\win32k.sys                        2351104 bytes executable

---- EOF - GMER 1.0.15 ----

Regards, Klecks

Klecks1988 14.03.2012 07:52

Unfortunately aswMBR keeps crashing.

cosinus 14.03.2012 15:18

Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the scan button again.

Klecks1988 14.03.2012 18:09

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-14 17:51:03
-----------------------------
17:51:03.429    OS Version: Windows 6.1.7601 Service Pack 1
17:51:03.429    Number of processors: 2 586 0x1706
17:51:03.433    ComputerName: XXX-PC  UserName:
17:51:06.462    Initialize success*
17:51:12.302    AVAST engine defs: 12031300
17:51:34.570    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:51:34.572    Disk 0 Vendor: Hitachi_HTS543225L9SA02 FBEAC50F Size: 238475MB BusType: 3
17:51:34.670    Disk 0 MBR read successfully
17:51:34.672    Disk 0 MBR scan
17:51:34.761    Disk 0 Windows 7 default MBR code
17:51:34.776    Disk 0 Partition 1 00    EE          GPT              200 MB offset 1
17:51:34.999    Disk 0 Partition 2 00    AF  HFS / HFS+            122880 MB offset 409640
17:51:35.073    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS      115266 MB offset 252332032
17:51:35.114    Disk 0 scanning sectors +488396800
17:51:35.267    Disk 0 scanning C:\Windows\system32\drivers
17:52:16.872    Service scanning
17:53:22.141    Modules scanning
17:54:34.778    Disk 0 trace - called modules:
17:54:34.798    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:54:34.798    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865bc210]
17:54:34.798    3 CLASSPNP.SYS[8b47059e] -> nt!IofCallDriver -> [0x86144918]
17:54:34.798    5 ACPI.sys[8ac8f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86101030]
17:54:34.798    Scan finished successfully
17:57:00.609    Disk 0 MBR has been saved successfully to "C:\Users\Xxxxxx\Documents\MBR.dat"
17:57:00.615    The log file has been saved successfully to "C:\Users\Xxxxxx\Documents\aswMBR.txt"

Can you already say how likely it is that there is still malware on my computer?
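
The "Disk 0 MBR scan" lines in the aswMBR log above are a decoded view of sector 0: the 64-byte partition table at offset 446 (four 16-byte entries, each with a boot flag, a type byte, and a 32-bit LBA start and sector count) and the boot code before it, which aswMBR compares against the stock loader ("Windows 7 default MBR code") because MBR bootkits replace exactly that code. The following parser is an added example, not aswMBR's code and not part of the original thread. Its sample sector is constructed: the three partition entries reproduce the type codes, offsets and sizes printed in the log (so the last entry ends at sector 488396800, the figure aswMBR scanned up to), while the boot code and disk signature bytes are dummies, so the SHA-256 it prints is only meaningful relative to itself.

```python
"""Decode a raw 512-byte MBR sector the way aswMBR summarises it (added example)."""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

# Partition type codes that appear in the log above (subset of the usual table)
PART_TYPES = {0x07: "HPFS/NTFS", 0xAF: "HFS / HFS+", 0xEE: "GPT"}


def build_entry(status, ptype, lba_start, sectors):
    """Pack one 16-byte partition entry (CHS fields zeroed; LBA only)."""
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr():
    """Constructed sample, NOT a dump from the thread: a hybrid MBR with the three
    entries aswMBR reported. Sector counts are derived from the printed MB values."""
    bootcode = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433   # 440 bytes of dummy code
    disk_sig = b"\xde\xad\xbe\xef" + b"\x00\x00"                # dummy signature + 2 zero bytes
    table = (
        build_entry(0x00, 0xEE, 1, 409639)                      # protective GPT entry, 200 MB
        + build_entry(0x00, 0xAF, 409640, 122880 * 2048)        # HFS+ (macOS side of a Boot Camp disk)
        + build_entry(0x80, 0x07, 252332032, 115266 * 2048)     # active NTFS (Windows)
        + b"\0" * 16                                            # unused fourth slot
    )
    sector = bootcode + disk_sig + table + b"\x55\xaa"
    assert len(sector) == SECTOR
    return sector


def parse_mbr(sector):
    """Return the non-empty partition entries as dicts; reject anything that is not an MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or missing 0x55AA signature)")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:          # empty slot
            continue
        entries.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": round(count * SECTOR / (1024 * 1024)),
        })
    return entries


def last_sector(entries):
    """Highest LBA covered by the table; the point up to which a disk scan must go."""
    return max(e["lba_start"] + e["sectors"] for e in entries)


def bootcode_fingerprint(sector):
    """SHA-256 of the 440-byte boot code; compare against a known-good value from
    a clean machine with the same Windows build, since bootkits live in these bytes."""
    return hashlib.sha256(sector[:440]).hexdigest()


def describe(entries):
    """Render entries in the same shape as the aswMBR log lines."""
    lines = []
    for e in entries:
        flag = "80 (A)" if e["bootable"] else "00"
        lines.append(f"Partition {e['index']} {flag} {e['type']:02X} "
                     f"{e['type_name']:<12} {e['size_mb']} MB offset {e['lba_start']}")
    if any(e["type"] == 0xEE for e in entries):
        lines.append("note: 0xEE entry present, disk is GPT (protective/hybrid MBR); "
                     "the MBR view is not the full partition table")
    return lines


def read_physical_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a real disk (needs administrator rights on Windows; use
    e.g. /dev/sda on Linux). Not called by the sample run below."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    parts = parse_mbr(mbr)
    for line in describe(parts):
        print(line)
    print("scan extent:", last_sector(parts), "sectors")
    print("bootcode sha256:", bootcode_fingerprint(mbr))
```

The 0xEE entry is the reason this disk needs more than an MBR check: on a GPT disk the MBR is only a compatibility stub, and a scanner that stops at sector 0 has not looked at the GPT header, its backup copy, or the EFI system partition.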

cosinus 14.03.2012 18:31

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Klecks1988 14.03.2012 20:32

Hi Arne,

I am running both programs right now. G Data just gave the following message:
"The file has been deleted.

File: C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\26ef9f36-51f80928
Virus: Java:ClassLoader-U [Trj] (Engine B)"

cosinus 14.03.2012 21:44

Quote:

File: C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\26ef9f36-51f80928
You could well have thought of emptying the Java cache yourself when you see this folder.

Empty this folder => C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache
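
Emptying the Java deployment cache is the right cleanup, but the detection that triggered it is also the only trace of how the machine was hit: the cached JAR and its sidecar are what a malicious applet left behind. The script below is an added example, not part of the thread and not a G Data or Oracle tool, and it is written in Python rather than typed into PowerShell so that it runs anywhere. It records every file under the cache (relative path, size, mtime, SHA-256) to a CSV manifest outside the cache and only then deletes the contents, so hashes can still be looked up afterwards. The sample cache it builds is constructed: the directory names copy the 6.0\<bucket>\<name> layout from the G Data alert, but the file bytes are dummies, not the detected file.

```python
"""Hash-inventory a Java deployment cache directory, then empty it (added example)."""
import csv
import hashlib
import shutil
import tempfile
from pathlib import Path

MANIFEST_FIELDS = ["path", "size", "mtime", "sha256"]


def hash_file(path, chunk=1 << 16):
    """SHA-256 of a file, streamed so large cached JARs are not read into RAM at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def inventory(cache_dir):
    """One record per file under cache_dir: relative path, size, mtime and hash."""
    cache_dir = Path(cache_dir)
    rows = []
    for p in sorted(cache_dir.rglob("*")):
        if p.is_file():
            st = p.stat()
            rows.append({
                "path": p.relative_to(cache_dir).as_posix(),
                "size": st.st_size,
                "mtime": int(st.st_mtime),
                "sha256": hash_file(p),
            })
    return rows


def write_manifest(rows, manifest_path):
    """Write the inventory as CSV so it can be kept with the incident notes."""
    with open(manifest_path, "w", newline="", encoding="utf-8") as f:
        w = csv.DictWriter(f, fieldnames=MANIFEST_FIELDS)
        w.writeheader()
        w.writerows(rows)


def clear_cache(cache_dir, manifest_path):
    """Record what the cache held, then delete its contents (the directory itself stays)."""
    cache_dir = Path(cache_dir).resolve()
    manifest_path = Path(manifest_path).resolve()
    if cache_dir in manifest_path.parents:
        raise ValueError("manifest must not live inside the cache being emptied")
    rows = inventory(cache_dir)
    write_manifest(rows, manifest_path)          # evidence first ...
    for child in cache_dir.iterdir():            # ... then the actual cleanup
        if child.is_dir():
            shutil.rmtree(child)
        else:
            child.unlink()
    return rows


def make_sample_cache():
    """Constructed stand-in for ...\\LocalLow\\Sun\\Java\\Deployment\\cache.
    The 6.0\\54\\<name> layout mirrors the alert above; the bytes are dummies."""
    root = Path(tempfile.mkdtemp(prefix="javacache-"))
    bucket = root / "6.0" / "54"
    bucket.mkdir(parents=True)
    (bucket / "26ef9f36-51f80928").write_bytes(b"PK\x03\x04" + b"\0" * 60)      # JAR-like payload
    (bucket / "26ef9f36-51f80928.idx").write_bytes(b"\0\0\0\0dummy-idx")        # sidecar index
    return root


if __name__ == "__main__":
    sample = make_sample_cache()
    manifest = sample.parent / (sample.name + "-manifest.csv")
    for row in clear_cache(sample, manifest):
        print(row["sha256"], row["size"], row["path"])
    print("manifest:", manifest, "| files left:", len(inventory(sample)))
```

On the real machine, point clear_cache at the cache path from the alert and a manifest path in your own documents folder, with every browser closed first so no cached file is still locked by a Java plugin process. The SHA-256 column is what you would later submit to the AV vendor or look up elsewhere if you want to know what the detected class loader actually was.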

Klecks1988 14.03.2012 22:54

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/14/2012 at 10:09 PM

Application Version : 5.0.1146

Core Rules Database Version : 8335
Trace Rules Database Version: 6147

Scan type      : Complete Scan
Total Scan Time : 03:29:56

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 1046
Memory threats detected  : 0
Registry items scanned    : 37805
Registry threats detected : 0
File items scanned        : 50398
File threats detected    : 203

Adware.Tracking Cookie
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\5XEGG0FA.txt [ /doubleclick.net ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\Y5TGY90R.txt [ /ad.yieldmanager.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\37YUNF1M.txt [ /ar.atwola.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\FOF88BDC.txt [ /ru4.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\OPSE4XR6.txt [ /tacoda.at.atwola.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\68JI3B0C.txt [ /atdmt.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\PTG52TYY.txt [ /at.atwola.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\LXYHKM57.txt [ /media6degrees.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\8EHB2CEN.txt [ /lucidmedia.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\QTCNNA6A.txt [ /advertising.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\BRSRR0EG.txt [ /c.atdmt.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\P3UHSQIM.txt [ /atwola.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\0Y7CE0EH.txt [ /adbrite.com ]
        C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\RID2HJXF.txt [ Cookie:xxx@adsonar.com/adserving ]
        C:\USERS\XXX\Cookies\Y5TGY90R.txt [ Cookie:xxx@ad.yieldmanager.com/ ]
        C:\USERS\XXX\Cookies\FOF88BDC.txt [ Cookie:xxx@ru4.com/ ]
        C:\USERS\XXX\Cookies\OPSE4XR6.txt [ Cookie:xxx@tacoda.at.atwola.com/ ]
        C:\USERS\XXX\Cookies\PTG52TYY.txt [ Cookie:xxx@at.atwola.com/ ]
        C:\USERS\XXX\Cookies\LXYHKM57.txt [ Cookie:xxx@media6degrees.com/ ]
        C:\USERS\XXX\Cookies\8EHB2CEN.txt [ Cookie:xxx@lucidmedia.com/ ]
        C:\USERS\XXX\Cookies\RID2HJXF.txt [ Cookie:xxx@adsonar.com/adserving ]
        C:\USERS\XXX\Cookies\QTCNNA6A.txt [ Cookie:xxx@advertising.com/ ]
        C:\USERS\XXX\Cookies\BRSRR0EG.txt [ Cookie:xxx@c.atdmt.com/ ]
        C:\USERS\XXX\Cookies\P3UHSQIM.txt [ Cookie:xxx@atwola.com/ ]
        files.youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VNVTNDA3 ]
        stat.easydate.biz [ C:\USERS\XXX\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VNVTNDA3 ]
        es.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .getclicky.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .static.getclicky.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .burstnet.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .www.burstnet.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .kontera.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ads.crakmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        www.youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .es.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .sexad.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ads.trafficjunky.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        media.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        www.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLACONTROL\PROFILES\MOZILLACONTROL\E70WPKA8.SLT\COOKIES.TXT ]


cosinus 15.03.2012 04:13

Only cookies. What about MBAM?

Klecks1988 15.03.2012 07:20

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.14.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Xxx :: XXX-PC [Administrator]

Schutz: Deaktiviert

14.03.2012 18:44:18
mbam-log-2012-03-14 (18-44-18).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341685
Laufzeit: 5 Stunde(n), 29 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 15.03.2012 22:10

No detections!
Is your system back in order now, or are there any other detections or problems?

Klecks1988 16.03.2012 21:23

Wow, you really helped me! Many, many thanks. Now I would also like to know what I could do to make my system secure.

Kind regards
Klecks

cosinus 17.03.2012 14:23

Then we're done!

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check the updates; my guide on this is below. To keep better track of whether your installed programs are up to date in the future, you can use Secunia PSI, for example.
For even more security, you should also change all your passwords if possible now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS Update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update PDF reader
An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
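
An added example, not part of cosinus's post or of any tool used in the thread: a PowerShell snippet that lists the installed Java, Adobe Reader and Flash Player entries from the standard Windows uninstall registry keys and warns when several versions of one product sit side by side, which is exactly what the update advice above has you clean up first. The registry paths are the real uninstall keys; the product-name patterns are an assumption and may need adjusting for other languages or editions.

```powershell
# Added example: inventory of the update-sensitive products named in the thread
# (Java, Adobe Reader, Flash Player) taken from the Windows uninstall registry keys.
# Run in an elevated PowerShell; works on Windows 7 (PowerShell 2.0) and later.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # Wow6432Node only exists on 64-bit Windows; on x86 (like the system in the
    # thread) the path is missing and SilentlyContinue skips it.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Product families to check; the regexes are assumptions based on typical DisplayName values.
$patterns = @{
    'Java'         = '^Java(\s|\(TM\))'     # e.g. "Java(TM) 6 Update 31", "Java 7 Update 3"
    'Adobe Reader' = '^Adobe Reader'        # e.g. "Adobe Reader X (10.1.2)"
    'Flash Player' = '^Adobe Flash Player'  # ActiveX and plugin entries
}

function ConvertTo-Version([string]$Text) {
    # Normalise strings like '6.0.310', '11.1.102.55' or '7' into a comparable [version];
    # anything unparsable sorts lowest as 0.0.
    $clean = ($Text -replace '[^\d.]', '').Trim('.')
    if ($clean -notmatch '\.') { $clean = "$clean.0" }
    try { [version]$clean } catch { [version]'0.0' }
}

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate

foreach ($family in $patterns.Keys) {
    $hits = @($installed | Where-Object { $_.DisplayName -match $patterns[$family] })
    if ($hits.Count -eq 0) {
        Write-Host "$family : not installed"
        continue
    }
    Write-Host "$family :"
    $hits | Sort-Object { ConvertTo-Version $_.DisplayVersion } -Descending |
        Format-Table DisplayName, DisplayVersion, InstallDate -AutoSize | Out-String | Write-Host
    # Several entries usually mean older releases were left behind by in-place updates;
    # those are the versions the thread tells you to uninstall before installing the current one.
    if ($hits.Count -gt 1) {
        Write-Warning "$family : $($hits.Count) versions installed - remove the older ones."
    }
}
```

The newest version is listed first in each group; compare it against the vendor's current release, since the script only shows what is installed and cannot know what is current.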


Copyright ©2000-2025, Trojaner-Board