Trojaner-Board (https://www.trojaner-board.de/)
Log Analysis and Evaluation: The next one with the GVU Trojan... (https://www.trojaner-board.de/123454-naechste-gvu-trojaner.html)

Jucksnjo 04.09.2012 10:28

The next one with the GVU Trojan...
 
Hello everyone,

unfortunately it got me too yesterday. With an active internet connection the GVU Trojan freezes the computer; with the internet disconnected I noticed that the Task Manager does not open.

Many thanks in advance for your efforts.

Here are the two OTL files.

OTL.txt
Code:

OTL logfile created on: 9/4/2012 11:10:41 AM - Run 1
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Users\Johannes\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 75.34% Memory free
5.93 Gb Paging File | 4.97 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.72 Gb Total Space | 107.29 Gb Free Space | 72.15% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 81.45 Gb Free Space | 26.98% Space Free | Partition Type: NTFS
Drive F: | 15.06 Gb Total Space | 3.53 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-LAPTOP | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Installationen\PhonoStar\phonostarTimer.exe ()
PRC - C:\Installationen\OpenOffice\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Installationen\OpenOffice\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Installationen\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Installationen\vpn-Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Installationen\CD_Burner\NMSAccessU.exe ()
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Installationen\PhonoStar\phonostarTimer.exe ()
MOD - C:\Installationen\PhonoStar\QtCore4.dll ()
MOD - C:\Installationen\PhonoStar\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Installationen\PhonoStar\QtSql4.dll ()
MOD - C:\Installationen\PhonoStar\QtGui4.dll ()
MOD - C:\Installationen\OpenOffice\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Installationen\FileZilla\fzshellext.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Installationen\AntiVir\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Installationen\AntiVir\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (CVPND) -- C:\Installationen\vpn-Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (NMSAccessU) -- C:\Installationen\CD_Burner\NMSAccessU.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (DgiVecp) -- C:\windows\system32\Drivers\DgiVecp.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (StarOpen) -- C:\windows\System32\drivers\StarOpen.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Installationen\Firefox11\components [2012/08/31 10:28:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Installationen\Firefox11\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Installationen\Thunderbird\components [2010/12/11 17:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Installationen\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Installationen\Firefox11\components [2012/08/31 10:28:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Installationen\Firefox11\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Installationen\Thunderbird\components [2010/12/11 17:29:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Installationen\Thunderbird\plugins
 
[2011/04/24 14:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2010/02/17 16:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/26 10:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions
[2011/10/15 11:58:52 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions\dplauncher@digitalpublishing.de
[2012/06/22 12:59:37 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions\info@djzig.com
[2012/06/21 14:25:12 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions\zigboom@hotmail.com
[2011/04/25 18:35:23 | 000,004,140 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\csn4b5ew.default\searchplugins\youtube.xml
[2011/10/29 18:05:02 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CSN4B5EW.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/07/02 22:31:56 | 000,009,284 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CSN4B5EW.DEFAULT\EXTENSIONS\LINKLOCATIONBAR@GNT.DE.XPI
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Installationen\AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Installationen\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000..\Run: [Miranda Fusion] C:\Installationen\Miranda_Fusion_3\fusiontools\mfstart.exe (Miranda Fusion Team)
O4 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000..\Run: [phonostarTimer] C:\Installationen\PhonoStar\phonostarTimer.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Installationen\OpenOffice\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E127B983-48FB-47F8-82C3-8AC8049917F9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/04 11:02:07 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012/08/15 13:36:04 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/08/15 13:36:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/08/15 13:36:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/08/15 13:36:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/08/15 13:36:03 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/08/15 13:35:48 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/08/15 13:35:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
[2012/08/09 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\Johannes\v80
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/04 10:55:09 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012/09/04 10:24:17 | 000,015,012 | ---- | M] () -- C:\Users\Johannes\cc_20120904_102357.reg
[2012/09/04 10:20:28 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 10:20:28 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 10:16:37 | 000,700,836 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/09/04 10:16:37 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/04 10:16:37 | 000,149,920 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/09/04 10:16:37 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/04 10:12:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/04 10:12:41 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/03 19:52:24 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012/09/01 14:50:57 | 000,001,893 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/08/31 11:41:21 | 000,297,418 | ---- | M] () -- C:\Users\Johannes\280_Führerstand3.jpg
[2012/08/31 11:41:09 | 000,312,037 | ---- | M] () -- C:\Users\Johannes\280_Führerstand2.jpg
[2012/08/16 13:08:14 | 000,429,320 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/08/10 21:11:22 | 000,006,656 | ---- | M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/08 15:05:54 | 000,170,953 | ---- | M] () -- C:\Users\Johannes\Zwischenablage01.jpg
[2012/08/08 14:44:12 | 000,464,306 | ---- | M] () -- C:\Users\Johannes\280_Führerstand.jpg
[2012/08/07 14:32:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/08/07 14:32:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012/09/04 10:24:09 | 000,015,012 | ---- | C] () -- C:\Users\Johannes\cc_20120904_102357.reg
[2012/09/01 14:50:57 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012/09/01 14:50:57 | 000,001,893 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/08/31 11:41:21 | 000,297,418 | ---- | C] () -- C:\Users\Johannes\280_Führerstand3.jpg
[2012/08/31 11:41:09 | 000,312,037 | ---- | C] () -- C:\Users\Johannes\280_Führerstand2.jpg
[2012/08/08 15:05:54 | 000,170,953 | ---- | C] () -- C:\Users\Johannes\Zwischenablage01.jpg
[2012/08/08 14:44:12 | 000,464,306 | ---- | C] () -- C:\Users\Johannes\280_Führerstand.jpg
[2012/06/07 11:01:30 | 000,037,665 | ---- | C] () -- C:\Users\Johannes\Verzeichnis_Zusatz.pdf
[2011/07/21 17:27:32 | 000,001,547 | ---- | C] () -- C:\windows\wininit.ini
[2011/07/21 17:27:01 | 000,069,632 | ---- | C] () -- C:\windows\RAUNINST.EXE
[2011/05/22 13:04:07 | 3192,264,704 | ---- | C] () -- C:\Users\Johannes\de_windows_7_professional_x64_dvd.iso
[2011/05/22 12:56:55 | 2463,242,240 | ---- | C] () -- C:\Users\Johannes\de_windows_7_professional_x86_dvd_x15-65812.iso
[2011/01/16 14:21:25 | 000,032,433 | ---- | C] () -- C:\Users\Johannes\Franken.pdf
[2010/09/13 11:11:16 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2010/09/13 11:10:28 | 000,026,624 | ---- | C] () -- C:\windows\System32\ssp4ml3.dll
[2010/08/04 17:34:18 | 000,006,656 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/18 16:06:58 | 000,000,642 | ---- | C] () -- C:\Users\Johannes\Eigene Musik.lnk
[2010/02/18 15:30:32 | 000,000,642 | ---- | C] () -- C:\Users\Johannes\Eigene Fotos.lnk
[2010/02/17 14:56:27 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010/02/17 15:42:51 | 000,000,000 | -HSD | M] -- C:\Users\Johannes\AppData\Roaming\.#
[2010/02/17 17:37:28 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Canneverbe Limited
[2010/11/02 17:03:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\CoCreate
[2012/05/12 15:34:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Dev-Cpp
[2011/10/15 11:58:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\digital publishing
[2012/07/03 17:52:10 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FileZilla
[2010/03/20 18:21:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Foxit Software
[2012/03/10 17:29:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\gtk-2.0
[2011/10/26 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Miranda Fusion
[2011/06/30 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mkvtoolnix
[2010/02/18 13:29:29 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenOffice.org
[2010/09/17 11:15:37 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\phonostar GmbH
[2012/08/12 02:19:59 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\phonostar-Player
[2010/02/17 16:39:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2012/05/12 15:37:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ubisoft
[2012/08/07 16:27:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Youtube Downloader HD
[2012/08/17 13:54:28 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt

Code:

OTL Extras logfile created on: 9/4/2012 11:10:41 AM - Run 1
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Users\Johannes\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 75.34% Memory free
5.93 Gb Paging File | 4.97 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.72 Gb Total Space | 107.29 Gb Free Space | 72.15% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 81.45 Gb Free Space | 26.98% Space Free | Partition Type: NTFS
Drive F: | 15.06 Gb Total Space | 3.53 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-LAPTOP | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Installationen\Firefox11\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Installationen\vlc_Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Installationen\vlc_Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Installationen\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Installationen\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Installationen\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09AB10EE-BA37-4354-9811-ECE17ABC06FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F316849-29FF-4DD3-9548-D53A40A1FCDA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1E129319-1524-4A9D-A1D2-078270F6F7AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A7887CE-13C0-4665-B049-C168ECBA4D34}" = lport=139 | protocol=6 | dir=in | app=system |
"{4350C3D7-6918-4CC4-896F-685DFE74835D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A6723CC-C46E-4316-9D99-AC3FA0106400}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B9A5E0B-0B04-4196-8C9B-33010C732803}" = lport=445 | protocol=6 | dir=in | app=system |
"{5177CF10-FE8D-4DA4-B0C6-615DB361B330}" = rport=139 | protocol=6 | dir=out | app=system |
"{56B5375F-7C3D-4F9B-847F-6FF0D3F6B59C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BC1C2A3-672A-45FD-BDE9-32CDFBC8F276}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7107B8C4-A638-4D2A-A54A-AD57C87BDA6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{72360054-CDD0-42BE-AB05-B623150912EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{947FB2D0-6171-4CA2-A092-98E4A1912277}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95B559CB-F083-4733-BB8D-13FE0D9F40B0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9744F3E7-EE28-4BC8-9E36-DD9D87DBBCA1}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A12306F-4C66-4F3C-AD70-F093A0F9825D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9DA64B69-D911-436B-BA21-86EFB0DB6BE2}" = rport=138 | protocol=17 | dir=out | app=system |
"{C9F412F5-00B6-4FE8-BCF3-2BAC53E93994}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E43415F6-4C0F-4039-862D-D8A0A42BF535}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6CD453A-0E9B-4B3C-9761-5F38DB0B15D7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EE55BCB0-5FCD-4869-9D54-69BCA99C50DA}" = lport=137 | protocol=17 | dir=in | app=system |
"{F03A5DDB-CFB8-4396-92C5-ABAEF3353BC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD8CC95A-1C7F-4D19-980B-1895ADC59426}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027742A6-C173-4D09-BE70-86F0F04D101C}" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion\miranda32.exe |
"{11B0D436-F7EB-4D98-95A4-E3D18AA5B4EB}" = protocol=17 | dir=in | app=d:\spiele\anno2070\autopatcher.exe |
"{1BDA39C1-6867-460F-B7C7-B884B4D9086F}" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion\miranda32.exe |
"{2A2FC34B-3425-4E39-AE4E-61D9863F514C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{2AE3209F-9AE6-451D-84B0-51FD1FAC2E2E}" = protocol=6 | dir=out | app=system |
"{2E381290-3356-4CE6-9B53-4041F26DA701}" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion_3\fusiontools\updater.exe |
"{36C7FCEC-31C5-4719-B975-6C4FD07EF42A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D7AA914-DF55-4272-9ACF-281B74A996FB}" = protocol=17 | dir=in | app=d:\spiele\anno2070\initengine.exe |
"{3DFD180D-A329-42E9-A573-23B5FAA63983}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4071C946-296E-4C71-B544-1126818E34E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{47FFF8A0-B4F1-4E4A-A29A-DEA721D5CD5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{57011D5A-E8F7-4477-AFF7-D10E967AC24D}" = protocol=6 | dir=in | app=d:\spiele\anno2070\initengine.exe |
"{58AAB87F-AAE5-4C53-AED1-767889F55C66}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5DB87843-8B98-45C0-8F03-0F288D675F6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61484C19-34AF-4808-8E0A-5E92D03759E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63C407E1-CABE-4A36-A93E-8CC4E030DD54}" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe |
"{6CF847E8-AD4E-4819-9E01-DDFA2015630B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E783A3C-8BFD-436A-A1EC-246223D1DB40}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79B4B58E-5E3A-41DD-9618-D4AD5DE8BE4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8188E256-607B-4D54-ABBF-DDEAF8E7FCEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AFEB3CB-9AC3-43B7-A2D8-963BD816A9E3}" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion_3\fusiontools\updater.exe |
"{907266CF-3535-47F8-9C4D-00FE330F2BCE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{93C8A943-A065-4174-9937-31C4E810B900}" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe |
"{93FBBCBA-9DC0-4E62-90EA-4BFA3BDAA3FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9A115448-12B3-48E4-A62A-5D6F884D74CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9B530963-1B4F-4771-B1DF-A7907003E17A}" = protocol=6 | dir=in | app=d:\spiele\anno2070\anno5.exe |
"{A14ECB7B-8C17-45EB-92D5-A23C02649DC6}" = protocol=58 | dir=in | app=system |
"{C7FB6511-906B-4024-8E7A-8547A4B18C17}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C816F42F-224C-4442-8A77-A8169B3D282D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE65CCCE-057A-4AF4-BBFD-F9EE3AC52F82}" = protocol=6 | dir=in | app=d:\spiele\anno2070\autopatcher.exe |
"{DB49AC84-7FC1-47B8-823E-670F2D10468D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0F6F728-8C68-414D-B948-32B0A132105F}" = dir=in | app=c:\installationen\skype\phone\skype.exe |
"{F5A50DBA-B60B-46C2-BA24-FF00D39DBDB7}" = protocol=17 | dir=in | app=d:\spiele\anno2070\anno5.exe |
"{FC588AE0-FCC2-4DE1-9D6D-41A131886217}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{78938E09-2209-4E79-A8AE-D7086E9746BF}C:\installationen\miranda\miranda32.exe" = protocol=6 | dir=in | app=c:\installationen\miranda\miranda32.exe |
"TCP Query User{82654CC4-ED18-4E25-919F-3873A29CC035}C:\installationen\miranda_fusion_3\miranda32.exe" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe |
"TCP Query User{84501DF9-4AE0-4EF1-AF40-FBA9DD3F1144}C:\installationen\miranda_3\miranda32.exe" = protocol=6 | dir=in | app=c:\installationen\miranda_3\miranda32.exe |
"TCP Query User{91E28D41-A032-45DF-8F5E-F0083ECB49DA}C:\installationen\phonostar\phonostar.exe" = protocol=6 | dir=in | app=c:\installationen\phonostar\phonostar.exe |
"TCP Query User{B8E5A64F-C425-47B9-8CFD-551EC2F1422C}C:\installationen\vlc_player\vlc.exe" = protocol=6 | dir=in | app=c:\installationen\vlc_player\vlc.exe |
"TCP Query User{E92090C5-3ED8-483E-AE00-FE41F33F47B8}C:\installationen\phonostar2plus\ps_olect.exe" = protocol=6 | dir=in | app=c:\installationen\phonostar2plus\ps_olect.exe |
"UDP Query User{35C1D8D6-769E-4649-B280-28A292406CAF}C:\installationen\vlc_player\vlc.exe" = protocol=17 | dir=in | app=c:\installationen\vlc_player\vlc.exe |
"UDP Query User{3A3D81FA-0602-4E12-A4E8-19D282CBBBFC}C:\installationen\phonostar2plus\ps_olect.exe" = protocol=17 | dir=in | app=c:\installationen\phonostar2plus\ps_olect.exe |
"UDP Query User{993D530C-A1B1-4E61-B23F-5135C3769161}C:\installationen\phonostar\phonostar.exe" = protocol=17 | dir=in | app=c:\installationen\phonostar\phonostar.exe |
"UDP Query User{A613417B-6F51-41B4-AE71-F8523AEB147C}C:\installationen\miranda_3\miranda32.exe" = protocol=17 | dir=in | app=c:\installationen\miranda_3\miranda32.exe |
"UDP Query User{CD258015-BE36-4136-8325-0AAA777285B2}C:\installationen\miranda\miranda32.exe" = protocol=17 | dir=in | app=c:\installationen\miranda\miranda32.exe |
"UDP Query User{DB521903-12D6-40A8-92F1-249A4887AC1E}C:\installationen\miranda_fusion_3\miranda32.exe" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.2.7.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IrfanView" = IrfanView (remove only)
"LSI Soft Modem" = LSI HDA Modem
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MirandaFusion" = Miranda Fusion 3.1.15.1
"MKVtoolnix" = MKVtoolnix 4.8.0
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.2
"Red Alert" = Red Alert Windows 95
"Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"www.zusi.de/zusi3/demo_is1" = Zusi 3.0.2 (Beta-Demo)
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11)
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/15/2012 6:48:10 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/11/2012 3:45:43 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/11/2012 3:46:16 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/11/2012 3:47:49 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/11/2012 3:47:50 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/19/2012 4:51:34 AM | Computer Name = Johannes-Laptop | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.5.7.2830 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 620    Startzeit:
01cd7de7be0c0733    Endzeit: 24    Anwendungspfad: C:\Installationen\Winamp\winamp.exe    Berichts-ID:
 110c62de-e9db-11e1-ae1e-0024541e0db8 
 
Error - 8/19/2012 6:35:17 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/19/2012 6:35:45 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/19/2012 6:37:07 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/19/2012 6:37:08 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 9/4/2012 4:13:49 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 4:13:50 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 4:13:51 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 4:13:52 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 4:13:52 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 4:13:53 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 5:08:49 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 9/4/2012 5:08:50 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 9/4/2012 5:08:50 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 9/4/2012 5:08:51 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >


markusg 04.09.2012 11:36

Hi,

This script, and any scripts that follow, are only for the user in question.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:

:OTL
[2012/09/01 14:50:57 | 000,001,893 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/09/03 19:52:24 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
 :Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start in normal mode.

Jucksnjo 04.09.2012 16:43

Done. It's really amazing how quickly you get help here. :dankeschoen:

After the restart, the following two windows remain (see screenshot).

Here is the content of the text document.

Code:

All processes killed
========== OTL ==========
C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\nud0repor.pad moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Johannes
->Flash cache emptied: 7431 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Johannes
->Temp folder emptied: 4079278 bytes
->Temporary Internet Files folder emptied: 262664592 bytes
->Java cache emptied: 2300365 bytes
->FireFox cache emptied: 1142649828 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1393427 bytes
RecycleBin emptied: 10261740758 bytes
 
Total Files Cleaned = 11,134.00 mb
 
 
OTL by OldTimer - Version 3.2.60.0 log created on 09042012_173132

Files\Folders moved on Reboot...
C:\Users\Johannes\AppData\Local\Temp\REGD1CF.tmp moved successfully.
C:\Users\Johannes\AppData\Local\Temp\roper0dun.exe moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[IMG]http://s7.directupload.net/images/120904/bmdf3btg.jpg[/IMG]

What's the next step?

markusg 06.09.2012 16:42

Sorry, I wasn't quite well and first had to catch up on everything :-)
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with ComboFix's work.
Start ComboFix.exe and follow the on-screen instructions.

When ComboFix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Jucksnjo 07.09.2012 09:09

Et voila.

Code:

ComboFix 12-09-06.04 - Johannes 07.09.2012  9:55.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3037.1678 [GMT 2:00]
ausgeführt von:: c:\users\Johannes\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Johannes\AppData\Roaming\.#
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-07 bis 2012-09-07  ))))))))))))))))))))))))))))))
.
.
2012-09-07 08:01 . 2012-09-07 08:01        --------        d-----w-        c:\users\Johannes\AppData\Local\temp
2012-09-07 08:01 . 2012-09-07 08:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-07 07:52 . 2012-08-23 07:15        7022536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B304551D-6722-4E7F-A079-22EE02E63542}\mpengine.dll
2012-09-06 09:10 . 2012-09-06 09:10        --------        d-----w-        c:\program files\Common Files\Java
2012-09-06 09:10 . 2012-09-06 09:10        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 14:32 . 2012-07-06 19:23        393728        ----a-w-        c:\windows\system32\drivers\bthport.sys
2012-09-05 14:31 . 2012-09-05 14:31        --------        d-----w-        c:\program files\Common Files\Skype
2012-09-05 12:59 . 2012-09-05 12:59        --------        d-----w-        c:\users\Johannes\AppData\Roaming\Malwarebytes
2012-09-05 12:59 . 2012-09-05 12:59        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-15 11:35 . 2012-07-18 17:47        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 11:35 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\system32\browcli.dll
2012-08-15 11:35 . 2012-07-04 21:14        102912        ----a-w-        c:\windows\system32\browser.dll
2012-08-15 11:35 . 2012-05-14 04:33        769024        ----a-w-        c:\windows\system32\localspl.dll
2012-08-09 13:41 . 2012-08-09 13:46        --------        d-----w-        c:\users\Johannes\v80
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 10:10 . 2012-06-30 14:50        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-06 10:10 . 2011-12-05 15:40        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-06 09:10 . 2012-06-26 07:36        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-09-06 09:10 . 2010-06-09 08:33        746984        ----a-w-        c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"phonostarTimer"="c:\installationen\PhonoStar\phonostarTimer.exe" [2010-08-25 40960]
"Miranda Fusion"="c:\installationen\Miranda_Fusion_3\fusiontools\mfstart.exe" [2012-06-12 1122241]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WinampAgent"="c:\installationen\Winamp\winampa.exe" [2010-01-12 37888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-14 614400]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]
"avgnt"="c:\installationen\AntiVir\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\installationen\OpenOffice\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-10-21 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\installationen\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\installationen\AntiVir\Avira\AntiVir Desktop\sched.exe [x]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 10:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\csn4b5ew.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-07  10:02:55
ComboFix-quarantined-files.txt  2012-09-07 08:02
.
Vor Suchlauf: 7 Verzeichnis(se), 118.104.035.328 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 117.780.721.664 Bytes frei
.
- - End Of File - - BD5BAB1F7BE73665332575DB6817A438


markusg 07.09.2012 13:59

Open the Malwarebytes reports and post all logs with detections.

Jucksnjo 08.09.2012 09:31

Also done.

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.05.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Johannes :: JOHANNES-LAPTOP [Administrator]

08.09.2012 10:02:15
mbam-log-2012-09-08 (10-02-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 312130
Laufzeit: 1 Stunde(n), 2 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\Johannes\Downloads\TS\VT_DB103_betaE03.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\Downloads\TS\VT_DB103_Pack_ORa.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\Downloads\TS\VT_DB_E03pack1.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\Downloads\TS\ZSR_Bh.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\09042012_173132\C_Users\Johannes\AppData\Local\Temp\roper0dun.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Spiele\Anno2070\solidcore32.dll (Trojan.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

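Added example (not from the thread and not Malwarebytes' own code): a small Python parser for the "Infizierte Dateien" section of the MBAM 1.x log posted above. It tallies detections by classification and flags entries whose path sits in an autostart location (the Startup-folder .lnk is the kind of entry that brings a lock screen back on every logon) separately from ones already sitting in temp or quarantine folders. The sample log lines are constructed from four of the detections posted above, with the header count adjusted to match; the marker strings and flag names are my own choices, not MBAM terminology.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the "Infizierte Dateien" section of
# the Malwarebytes 1.x log posted above, header count adjusted to the four
# entries kept here.
SAMPLE_LOG = r"""Infizierte Dateien: 4
C:\Users\Johannes\Downloads\TS\VT_DB103_betaE03.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\09042012_173132\C_Users\Johannes\AppData\Local\Temp\roper0dun.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Spiele\Anno2070\solidcore32.dll (Trojan.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

# One detection line has the shape:  <path> (<classification>) -> <action>.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^()]*?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$"
)
COUNT_RE = re.compile(r"^Infizierte Dateien: (?P<n>\d+)$")

# Path fragments used for triage (assumed markers, matched case-insensitively).
AUTOSTART_MARKERS = ("\\start menu\\programs\\startup\\",)
STAGING_MARKERS = ("\\appdata\\local\\temp\\", "\\_otl\\movedfiles\\")


def parse_detections(text):
    """Return (hits, reported): one dict per detection line, plus the count
    MBAM itself printed. A mismatch between the two means the log was cut off."""
    reported = None
    hits = []
    for line in text.splitlines():
        line = line.strip()
        m = COUNT_RE.match(line)
        if m:
            reported = int(m.group("n"))
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue
        low = m.group("path").lower()
        flags = []
        if any(mk in low for mk in AUTOSTART_MARKERS):
            flags.append("autostart")
        if any(mk in low for mk in STAGING_MARKERS):
            flags.append("temp/quarantine")
        hits.append({"path": m.group("path"), "family": m.group("family"),
                     "action": m.group("action"), "flags": flags})
    return hits, reported


def summarize(hits):
    """Count detections by top-level class (Adware, Trojan, ...) and by full family."""
    by_class = Counter(h["family"].split(".")[0] for h in hits)
    by_family = Counter(h["family"] for h in hits)
    return by_class, by_family


def autostart_hits(hits):
    """Detections that lived in an autostart location and so re-ran on every logon."""
    return [h for h in hits if "autostart" in h["flags"]]


if __name__ == "__main__":
    hits, reported = parse_detections(SAMPLE_LOG)
    print(f"parsed {len(hits)} of {reported} reported detections")
    by_class, by_family = summarize(hits)
    for fam, n in by_family.most_common():
        print(f"  {n:2d}  {fam}")
    for h in autostart_hits(hits):
        print("autostart persistence:", h["path"], "->", h["family"])
```

The same parser works on the full seven-line section as posted; the count check is what tells you whether the user pasted the whole log or only part of it.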

markusg 08.09.2012 11:56

Download the standard CCleaner:
CCleaner Download - CCleaner 3.22.1800
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
After each program you need, write "notwendig" (needed).
After each one you don't need, "unnötig" (not needed).
After those you don't recognise, "unbekannt" (unknown).
Post the list.

Jucksnjo 09.09.2012 09:59

These Oberon Media things, are those the standard Windows games?

Microsoft Office, SQL Server and Visual C++ were probably on there from the factory...

Code:

7-Zip 4.65                05.03.2010        notwendig       
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        05.09.2012        6,00MB        11.4.402.265notwendig
Adobe Flash Player ActiveX        Adobe Systems Incorporated        06.10.2009                9.0.124.0notwendig
Alice Greenfingers        Oberon Media        16.02.2010unbekannt               
Atheros Client Installation Program        Atheros        26.02.2010                1.0.1.0805unbekannt
ATI Catalyst Install Manager        ATI Technologies, Inc.        06.10.2009        13,8MB        3.0.741.0notwendig
Avira Free Antivirus        Avira        07.08.2012        104,5MB        12.0.0.1167notwendig
BatteryLifeExtender        Samsung        06.10.2009        14,6MB        1.0.1notwendig
Business Contact Manager für Outlook 2007 SP2        Microsoft Corporation        18.05.2012                3.0.8619.1unbekannt
CCleaner        Piriform        16.09.2010                2.35notwendig
CDBurnerXP        CDBurnerXP        16.02.2010        11,8MB        4.2.7.1893notwendig
ChargeableUSB        SAMSUNG        06.10.2009                1.0.0.0notwendig
Cisco Systems VPN Client 5.0.06.0160        Cisco Systems, Inc.        20.10.2010        12,3MB        5.0.6notwendig
CyberLink YouCam        CyberLink Corp.        16.02.2010        78,0MB        2.0.2907notwendig
Dairy Dash        Oberon Media        16.02.2010                unbekannt
Easy Display Manager        Samsung Electronics Co., Ltd.        06.10.2009                3.0notwendig
Easy Network Manager        Samsung        06.10.2009        19,1MB        4.2.4notwendig
Easy SpeedUp Manager        Samsung Electronics Co.,Ltd.        06.10.2009                3.0.0.4notwendig
EasyBatteryManager        Samsung        06.10.2009                4.0.0.2notwendig
Farm Frenzy 2        Oberon Media        16.02.2010unbekannt               
FileZilla Client 3.2.7.1                07.03.2012                3.2.7.1notwendig
Foxit Reader        Foxit Corporation        06.09.2012        36,6MB        5.4.2.901notwendig
Go-Go Gourmet        Oberon Media        16.02.2010unbekannt               
Intel® Matrix Storage Manager        Intel Corporation        06.10.2009unbekannt               
IrfanView (remove only)                17.02.2010notwendig               
Java 7 Update 7        Oracle        05.09.2012        128,3MB        7.0.70notwendig
Java(TM) 6 Update 31        Oracle        25.02.2012        95,1MB        6.0.310notwendig
JavaFX 2.1.1        Oracle Corporation        25.06.2012        20,9MB        2.1.1notwendig
Marvell Miniport Driver        Marvell        06.10.2009                10.70.3.3unbekannt
Microsoft Office 2003 Web Components        Microsoft Corporation        14.08.2012        71,0MB        11.0.8003.0unbekannt
Microsoft Office 2007 Primary Interop Assemblies        Microsoft Corporation        16.02.2010        7,19MB        12.0.4518.1014unbekannt
Microsoft Office Live Add-in 1.3        Microsoft Corporation        16.02.2010        0,48MB        2.0.2313.0unbekannt
Microsoft Office Outlook Connector        Microsoft Corporation        16.02.2010        6,13MB        12.0.6423.1000unbekannt
Microsoft Office Small Business Connectivity Components        Microsoft Corporation        16.02.2010        0,16MB        2.0.7024.0unbekannt
Microsoft Silverlight        Microsoft Corporation        05.09.2012        56,8MB        5.1.10411.0notwendig
Microsoft SQL Server 2005        Microsoft Corporation        18.05.2012unbekannt               
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        16.02.2010        1,72MB        3.1.0000unbekannt
Microsoft SQL Server Native Client        Microsoft Corporation        18.05.2012        2,63MB        9.00.5000.00unbekannt
Microsoft SQL Server VSS Writer        Microsoft Corporation        18.05.2012        0,68MB        9.00.5000.00unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        18.05.2012        0,29MB        8.0.61001unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        25.02.2010        0,58MB        9.0.30729unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        13.04.2010        0,58MB        9.0.30729.4148unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        18.05.2012        0,59MB        9.0.30729.6161unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        18.05.2012        12,3MB        10.0.40219unbekannt
Miranda Fusion 3.1.15.1        Miranda Fusion Team        11.06.2012        27,5MB        3.1.15.1notwendig
MKVtoolnix 4.8.0        Moritz Bunkus        29.06.2011                4.8.0notwendig
Mozilla Firefox 11.0 (x86 de)        Mozilla        17.03.2012        35,8MB        11.0unnötig
Mozilla Firefox 15.0.1 (x86 de)        Mozilla        06.09.2012        38,5MB        15.0.1notwendig
Mozilla Thunderbird (3.0.1)        Mozilla        16.02.2010                3.0.1 (de)unnötig
Mozilla Thunderbird (3.0.11)        Mozilla        10.12.2010                3.0.11 (de)notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        13.09.2010        35,00KB        4.20.9870.0unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        13.09.2010        1,33MB        4.20.9876.0unbekannt
OpenOffice.org 3.2        OpenOffice.org        17.02.2010        369,5MB        3.2.9483notwendig
phonostar-Player Version 2.01.2                28.01.2012notwendig               
phonostar-Player Version 3.01.8                16.09.2010notwendig               
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        27.02.2010                6.0.1.5948notwendig
REALTEK Wireless LAN Software        REALTEK Semiconductor Corp.        06.10.2009                1.01.0088notwendig               
Samsung Recovery Solution 4        Samsung        06.10.2009                4.0.0.3notwendig
Samsung Support Center        Samsung        06.10.2009        40,8MB        1.0.1notwendig
Samsung Update Plus        Samsung Electronics Co., Ltd.        06.10.2009                2.0notwendig
Skype™ 5.10        Skype Technologies S.A.        04.09.2012        19,4MB        5.10.116notwendig
Synaptics Pointing Device Driver        Synaptics Incorporated        27.02.2010                14.0.10.0unbekannt
Ubisoft Game Launcher        UBISOFT        01.03.2012                1.0.0.0unbekannt
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)        Microsoft Corporation        18.05.2012        30,6MB        9.00.5000.00unbekannt
User Guide                06.10.2009                1.0notwendig
VLC media player 1.1.4        VideoLAN        03.11.2010                1.1.4notwendig
Wartung Samsung ML-191x 252x Series        Samsung Electronics CO.,LTD        12.09.2010notwendig               
Winamp        Nullsoft, Inc        25.05.2010                5.572 notwendig
Winamp Anwendungserkennung        Nullsoft, Inc        25.05.2010        0,12MB        1.0.0.1notwendig
Windows Live Essentials        Microsoft Corporation        16.02.2010                14.0.8089.0726unbekannt
Windows Live Sync        Microsoft Corporation        16.02.2010        2,79MB        14.0.8089.726unbekannt
Windows Live-Uploadtool        Microsoft Corporation        16.02.2010        0,22MB        14.0.8014.1029unbekannt
Youtube Downloader HD v. 2.9.2        YoutubeDownloaderHD.com        27.03.2012        5,23MB        notwendig
Zusi 3.0.2 (Beta-Demo)        Carsten Hölscher        05.11.2011        197,8MB        3notwendig


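Added example (not from the thread and not CCleaner's own code): a Python routine that takes a CCleaner "save to text file" export annotated the way the list above is, with the verdict typed straight after the last filled field, and separates the verdict into its own column so the list can be reviewed. The sample lines are constructed from four entries of the list above, with tabs as the field separators CCleaner writes; the column names and the grouping function are my own.

```python
import re

# Constructed sample: four lines in the layout of a CCleaner
# "Tools > Uninstall > Save to text file" export (tab-separated: name,
# publisher, install date, size, version), with the reviewer's verdict
# glued onto whichever field came last, as in the list posted above.
SAMPLE_EXPORT = (
    "7-Zip 4.65\t\t05.03.2010\t\tnotwendig\t\n"
    "Adobe Flash Player 11 Plugin\tAdobe Systems Incorporated\t05.09.2012\t6,00MB\t11.4.402.265notwendig\n"
    "Alice Greenfingers\tOberon Media\t16.02.2010unbekannt\t\t\t\n"
    "Mozilla Firefox 11.0 (x86 de)\tMozilla\t17.03.2012\t35,8MB\t11.0unnötig\n"
)

LABELS = ("notwendig", "unnötig", "unbekannt")   # needed / not needed / unknown
COLUMNS = ("name", "publisher", "installed", "size", "version")
LABEL_RE = re.compile(r"(" + "|".join(LABELS) + r")\s*$")


def split_entry(line):
    """Detach the trailing verdict from wherever it was glued, then split the
    remaining tab-separated fields into the five CCleaner columns."""
    label = ""
    m = LABEL_RE.search(line.rstrip("\t "))
    if m:
        label = m.group(1)
        line = line[:m.start()]          # indices agree: only trailing chars were stripped
    fields = [f.strip() for f in line.split("\t")]
    fields = (fields + [""] * len(COLUMNS))[:len(COLUMNS)]
    row = dict(zip(COLUMNS, fields))
    row["label"] = label
    return row


def parse_export(text):
    """One dict per non-empty line of the export."""
    return [split_entry(l) for l in text.splitlines() if l.strip()]


def render(rows):
    """Fixed-width table with the verdict in its own column."""
    cols = COLUMNS + ("label",)
    widths = {c: max([len(c)] + [len(r[c]) for r in rows]) for c in cols}
    out = ["  ".join(c.ljust(widths[c]) for c in cols)]
    out += ["  ".join(r[c].ljust(widths[c]) for c in cols) for r in rows]
    return "\n".join(out)


def by_label(rows):
    """Group program names by verdict; the 'unbekannt' list is what still
    needs to be looked up before deciding what to uninstall."""
    groups = {lbl: [] for lbl in LABELS + ("",)}
    for r in rows:
        groups[r["label"]].append(r["name"])
    return groups


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    print(render(rows))
    print()
    print("still unknown:", ", ".join(by_label(rows)["unbekannt"]))
```

Entries without a publisher or version (the 7-Zip and Oberon Media lines) come out with empty cells instead of the verdict landing in the date or version column, which is the readability problem raised in the next reply.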
markusg 11.09.2012 14:42

Please edit that so the labels aren't stuck to the program versions; it's hard to read like this :-)


Copyright ©2000-2025, Trojaner-Board

