Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google-Treffer-Problem (https://www.trojaner-board.de/128449-google-treffer-problem.html)

PistolPetede 21.12.2012 22:15
Google-Treffer-Problem
 
Hallo,
beim Googeln tun sich nach 1 sec plötzlich Treffer auf, die mit dem Gesuchten gar nix zu tun haben. was kann ich machen?

Ich habe Malwarebytes Anti-Malware durchgeführt: keine Funde!

Grundsätzliche Frage: Ist dieser Google-Trojaner schädlich oder "nur nervig"?

Der scheint ja wohl nicht so verbreitet zu sein, denn wenn man googelt findet man kaum Treffer, oder?

ryder 22.12.2012 12:30
Logfile bitte dennoch hier posten.
Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

PistolPetede 22.12.2012 19:31
Ich hab jetzt das OTL laufen lassen (nach der Anweisung von Markusg).
Hier das log-file:
Code:
OTL logfile created on: 22.12.2012 18:43:20 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Xxx\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 69,34% Memory free
5,87 Gb Paging File | 4,90 Gb Available in Paging File | 83,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,38 Gb Total Space | 76,91 Gb Free Space | 70,31% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 128,20 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 463,28 Gb Free Space | 49,73% Space Free | Partition Type: NTFS
Drive G: | 9,86 Gb Total Space | 5,73 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 486,36 Gb Free Space | 26,11% Space Free | Partition Type: NTFS
Drive I: | 58,92 Gb Total Space | 1,41 Gb Free Space | 2,40% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: XXX | User Name: Xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.21 21:49:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xxx\Desktop\OTL.exe
PRC - [2012.12.11 15:28:20 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 15:28:11 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.11 15:28:11 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.12.11 15:28:10 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.10 14:10:57 | 000,997,320 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.11.09 04:21:32 | 000,587,472 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2012.10.16 22:43:38 | 000,711,112 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.30 20:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.02.18 11:49:40 | 000,357,448 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2009.09.06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009.03.30 14:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008.01.22 10:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.22 10:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.10 14:10:57 | 000,997,320 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2012.10.16 22:43:38 | 000,566,728 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012.10.16 22:43:38 | 000,134,600 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.11 20:30:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.11 15:28:20 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 15:28:11 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.07 12:27:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 04:21:32 | 000,587,472 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012.10.16 22:43:38 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.10.08 21:02:21 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.30 20:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.12.11 15:28:23 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 15:28:23 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.15 19:38:07 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.10.16 22:43:38 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.10.11 13:46:04 | 000,627,288 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SkyNET.sys -- (SKYNET)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.07.29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.11.23 16:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 16:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.10.13 01:16:02 | 000,049,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009.05.13 18:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007.12.17 16:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2002.11.28 15:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={2D2E23E7-F325-4B1D-BC6E-F2423B4E132A}&mid=df8f1e9509e947d09000d151b5807a67-0186bff8005b8d3620226a7e245cc8de7d7d127a&lang=de&ds=bm015&pr=sa&d=2012-10-16 23:43:42&v=13.2.0.1&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 74 EA 8A 18 A7 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={2D2E23E7-F325-4B1D-BC6E-F2423B4E132A}&mid=df8f1e9509e947d09000d151b5807a67-0186bff8005b8d3620226a7e245cc8de7d7d127a&lang=de&ds=bm015&pr=sa&d=2012-10-16 23:43:42&v=13.2.0.1&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4.1
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={2D2E23E7-F325-4B1D-BC6E-F2423B4E132A}&mid=df8f1e9509e947d09000d151b5807a67-0186bff8005b8d3620226a7e245cc8de7d7d127a&lang=de&ds=bm015&pr=sa&d=2012-10-16 23:43:42&v=13.2.0.1&sap=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.10 14:11:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 12:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 12:27:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 12:27:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 12:27:43 | 000,000,000 | ---D | M]
 
[2012.10.04 22:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions
[2012.12.15 18:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\l4ouc8my.default\extensions
[2012.12.02 21:37:50 | 000,566,966 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\toolbar@web.de.xpi
[2012.12.09 17:44:28 | 000,347,581 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.15 18:20:43 | 000,316,317 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.11.25 16:01:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.30 13:59:10 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.12.08 13:52:57 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.12.02 21:37:53 | 000,000,911 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\11-suche.xml
[2012.12.02 21:37:53 | 000,002,273 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\englische-ergebnisse.xml
[2012.12.02 21:37:53 | 000,010,563 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\gmx-suche.xml
[2012.12.02 21:37:53 | 000,002,432 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\lastminute.xml
[2012.12.02 21:37:53 | 000,005,545 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\webde-suche.xml
[2012.12.07 12:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.07 12:27:47 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.11.02 09:12:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.10 14:10:58 | 000,003,573 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.11.02 09:12:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.02 09:12:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.02 09:12:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.02 09:12:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.02 09:12:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B9F1D5D-50DF-4CF7-8F33-5CB646D4F9B7}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D75BEE7C-FAF2-453E-9A79-54EA6940B384}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {60702D8B-5E32-B289-79CA-87872305474F} - Microsoft Windows Media Player 12.0
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.22 12:33:39 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Spyware Terminator
[2012.12.22 12:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.12.22 12:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.12.22 12:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2012.12.22 12:12:39 | 000,937,224 | ---- | C] (Crawler.com                                                ) -- C:\Users\Xxx\Desktop\SpywareTerminator30074Setup.exe
[2012.12.22 10:48:26 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2012.12.22 10:48:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.22 10:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.22 10:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.22 10:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.22 10:47:53 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Xxx\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.21 21:49:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Xxx\Desktop\OTL.exe
[2012.12.21 21:47:47 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Xxx\Desktop\tdsskiller.exe
[2012.12.20 20:38:53 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.20 20:38:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.18 03:19:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Microsoft Games
[2012.12.17 21:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exifer
[2012.12.17 21:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Exifer
[2012.12.12 21:37:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.12 21:37:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.12 21:37:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.12 21:37:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.12 21:37:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.12 21:37:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.12 21:37:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.12 21:37:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.12 21:27:50 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.12 21:27:47 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.12 21:27:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.12 21:27:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 21:27:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 21:27:42 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.12 21:27:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.11 13:20:49 | 000,000,000 | ---D | C] -- g:\Eigene Dateien\DVDFab Passkey
[2012.12.11 09:54:54 | 000,000,000 | ---D | C] -- g:\Eigene Dateien\Eigene Projekte bei druckstdu
[2012.12.10 22:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\druckstdu.de
[2012.12.10 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\druckstdu.de
[2012.12.10 20:13:35 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\Sabine
[2012.12.07 23:12:16 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maniac Mansion Deluxe
[2012.12.07 23:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maniac Mansion Deluxe
[2012.12.07 23:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\LucasFan Games
[2012.12.07 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\DVDFab
[2012.12.07 12:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.12.05 23:08:37 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Media Player Classic
[2012.12.05 23:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.12.05 23:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.11.30 19:05:57 | 000,000,000 | ---D | C] -- C:\ISO
[2012.11.30 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2012.11.30 18:58:23 | 000,000,000 | ---D | C] -- C:\Temp
[2012.11.30 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA
[2012.11.30 18:54:28 | 000,000,000 | ---D | C] -- C:\Log
[2012.11.30 18:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012.11.30 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8 Qt
[2012.11.30 14:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra
[2012.11.30 14:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\GeoGebra
[2012.11.30 13:58:51 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\mathegrafix
[2012.10.07 12:11:19 | 000,270,406 | ---- | C] (DVD Shrink) -- C:\Program Files\DVD Shrink 3.0 Beta 5.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.22 18:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.22 17:50:13 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 17:50:13 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 17:48:55 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.22 17:48:55 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.22 17:48:55 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.22 17:48:55 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.22 17:42:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.22 17:42:50 | 2364,940,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.22 12:33:36 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.12.22 12:12:39 | 000,937,224 | ---- | M] (Crawler.com                                                ) -- C:\Users\Xxx\Desktop\SpywareTerminator30074Setup.exe
[2012.12.22 10:48:18 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 10:47:56 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Xxx\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.21 21:49:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xxx\Desktop\OTL.exe
[2012.12.21 21:47:47 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Xxx\Desktop\tdsskiller.exe
[2012.12.21 06:19:38 | 000,425,671 | ---- | M] () -- C:\Users\Xxx\Desktop\Weihnachtsbild.jpg
[2012.12.21 06:17:46 | 000,620,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.17 21:44:50 | 000,000,888 | ---- | M] () -- C:\Users\Xxx\Desktop\Exifer.lnk
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.11 20:30:18 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.11 20:30:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.11 15:28:23 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.12.11 15:28:23 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.12.11 13:22:01 | 000,000,336 | ---- | M] () -- C:\Users\Xxx\Desktop\BR-Laufwerk (X).lnk
[2012.12.09 17:44:02 | 001,422,466 | ---- | M] () -- C:\Users\Xxx\Desktop\Ritterburg.mp4
[2012.12.05 16:12:56 | 000,220,298 | ---- | M] () -- C:\Users\Xxx\Desktop\Baustelle.jpg
[2012.11.30 18:54:24 | 000,000,973 | ---- | M] () -- C:\Users\Xxx\Desktop\DVDFab 8 Qt.lnk
[2012.11.30 17:17:20 | 000,050,277 | ---- | M] () -- C:\Users\Xxx\Desktop\Terminplan CSG.pdf
[2012.11.30 14:00:13 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\GeoGebra.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.22 12:33:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.12.22 12:33:36 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.12.22 10:48:18 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.21 06:19:38 | 000,425,671 | ---- | C] () -- C:\Users\Xxx\Desktop\Weihnachtsbild.jpg
[2012.12.17 21:44:50 | 000,000,888 | ---- | C] () -- C:\Users\Xxx\Desktop\Exifer.lnk
[2012.12.11 13:22:01 | 000,000,336 | ---- | C] () -- C:\Users\Xxx\Desktop\BR-Laufwerk (X).lnk
[2012.12.09 17:44:02 | 001,422,466 | ---- | C] () -- C:\Users\Xxx\Desktop\Ritterburg.mp4
[2012.12.05 16:05:34 | 000,220,298 | ---- | C] () -- C:\Users\Xxx\Desktop\Baustelle.jpg
[2012.11.30 18:54:24 | 000,000,973 | ---- | C] () -- C:\Users\Xxx\Desktop\DVDFab 8 Qt.lnk
[2012.11.30 17:17:20 | 000,050,277 | ---- | C] () -- C:\Users\Xxx\Desktop\Terminplan CSG.pdf
[2012.11.30 14:00:13 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\GeoGebra.lnk
[2012.10.08 18:44:00 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.10.08 18:43:59 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.10.08 18:43:59 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.10.08 18:43:59 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.10.08 18:43:59 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.10.05 21:35:35 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.10.05 21:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7045N.DAT
[2012.10.05 21:34:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.10.05 21:34:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.10.05 18:41:35 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.10.05 18:41:35 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.10.04 21:20:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.04 23:25:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.10.31 23:28:12 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.10.04 21:09:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.04 21:20:44 | 000,000,000 | ---D | M] -- C:\Intel
[2012.11.30 19:05:57 | 000,000,000 | ---D | M] -- C:\ISO
[2012.11.30 19:00:47 | 000,000,000 | ---D | M] -- C:\Log
[2012.10.04 22:22:01 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.10.10 11:49:35 | 000,000,000 | ---D | M] -- C:\NST
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.22 12:32:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.22 12:33:39 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.10.04 21:09:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.04 21:09:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.10.11 18:38:25 | 000,000,000 | ---D | M] -- C:\SharePoint-Entwürfe
[2012.12.22 18:47:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.30 19:00:49 | 000,000,000 | ---D | M] -- C:\Temp
[2012.10.04 21:25:24 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.18 10:45:05 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2003.08.16 01:57:36 | 000,270,406 | ---- | M] (DVD Shrink) -- C:\Program Files\DVD Shrink 3.0 Beta 5.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 03:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 03:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 03:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 03:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 03:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 03:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 03:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.12.22 18:45:15 | 003,407,872 | -HS- | M] () -- C:\Users\Xxx\NTUSER.DAT
[2012.12.22 18:45:15 | 000,262,144 | -HS- | M] () -- C:\Users\Xxx\ntuser.dat.LOG1
[2012.10.04 21:10:01 | 000,000,000 | -HS- | M] () -- C:\Users\Xxx\ntuser.dat.LOG2
[2012.10.04 21:18:10 | 000,065,536 | -HS- | M] () -- C:\Users\Xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.10.04 21:18:10 | 000,524,288 | -HS- | M] () -- C:\Users\Xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.10.04 21:18:10 | 000,524,288 | -HS- | M] () -- C:\Users\Xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.10.04 21:10:01 | 000,000,020 | -HS- | M] () -- C:\Users\Xxx\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

ryder 22.12.2012 19:47

Zitat:
Lesestoff:
******
Du hast deinen Namen unkenntlich gemacht. Dies macht es auch gleichzeitig schwerer für mich deine Logfiles auszuwerten und dir ein Fixskript zu schreiben. Mache deinen Namen bitte nur dann unkenntlich, wenn es unbedingt nötig ist. Entscheidest du dich dennoch dazu mußt du jedesmal die *** wieder gegen den Benutzernamen austauschen.

:hallo:

Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.
Zitat:
Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
  • Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt Rückmeldung (Logfile oder Antwort) und zwar gesammelt, wenn du alles erledigt hast.
  • Nur Scanns durchführen zu denen Du aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags - #-Symbol im Editor). Nicht anhängen ausser ich fordere Dich dazu auf, oder das Logfile wäre zu gross. Erschwert mir nämlich das Auswerten.
  • Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss.
  • Beim ersten Anzeichen illegal genutzer Software (Cracks, Patches und Co) wird der Support ohne Diskussion eingestellt.
  • Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.
  • Ich werde dir ganz deutlich mitteilen, dass du "sauber" bist. Bis dahin arbeite bitte gut mit.
  • Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Wenn du das alles gelesen und verstanden hast, kannst du loslegen! :kloppen:
Gelesen und verstanden?



Schritt 1:
AdwCleaner: Werbeprogramme suchen und löschen

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2:
Temporäre Dateien löschen mit TFC

Bitte lade dir TFC auf deinen Desktop und starte es. Es wird automatisch alle temporären Dateien entfernen.

Schritt 3:
Scan mit DDS (+ attach)
Downloade dir bitte DDS (von sUBs) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.

dds.com | dds.scr | dds.pif
  • Schließe alle laufenden Programme und starte DDS mit Doppelklick.
  • Der Desktop wird verschwinden, das ist normal.
  • Stelle folgendes ein:

    [X] dds.txt
    [X] attach.txt
    [ ] options for dds.txt

  • Ändere keine Einstellung ohne Anweisung.
  • Klicke auf Start.
  • Es werden 2 Logfiles auf deinem Desktop erstellt.
    • dds.txt
    • attach.txt
  • Poste die beiden Logfile hier, möglichst in CODE-Tags.

PistolPetede 22.12.2012 20:22
Danke schonmal!
Hier die Logdatei von AdwCleaner:
Code:
# AdwCleaner v2.101 - Datei am 22/12/2012 um 20:13:08 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Xxx - XXX
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Xxx\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l4ouc8my.default\searchplugins\11-suche.xml
Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\Users\Xxx\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Xxx\AppData\LocalLow\AVG Secure Search

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={2D2E23E7-F325-4B1D-BC6E-F2423B4E132A}&mid=df8f1e9509e947d09000d151b5807a67-0186bff8005b8d3620226a7e245cc8de7d7d127a&lang=de&ds=bm015&pr=sa&d=2012-10-16 23:43:42&v=13.2.0.1&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default
Datei : C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l4ouc8my.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={2D2E23E7-F325-4B1D-BC6E-F2423B4E132A}&[...]

*************************

AdwCleaner[S1].txt - [5212 octets] - [22/12/2012 20:13:08]

########## EOF - C:\AdwCleaner[S1].txt - [5272 octets] ##########
und hier die beiden Dateien von DDS:
DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.9.2
Run by Xxx at 20:18:09 on 2012-12-22
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3007.2088 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CloneCDElbyCDFL] "c:\program files\elaborate bytes\clonecd\ElbyCheck.exe" /L ElbyCDFL
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
mRun: [SpywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{7B9F1D5D-50DF-4CF7-8F33-5CB646D4F9B7} : DHCPNameServer = 0.0.0.0
TCP: Interfaces\{D75BEE7C-FAF2-453E-9A79-54EA6940B384} : DHCPNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\Xxx\appdata\roaming\mozilla\firefox\profiles\l4ouc8my.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-12-02 21:37; toolbar@web.de; c:\users\Xxx\appdata\roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\toolbar@web.de.xpi
FF - ExtSQL: 2012-12-08 13:52; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Xxx\appdata\roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-16 26984]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-4 36552]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012-12-22 32768]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-10-4 85280]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-10-4 109344]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-4 83944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-10-16 711112]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-10-13 49152]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2012-12-22 587472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-10-8 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-10-8 8456]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-18 14848]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2010-5-10 627288]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-18 49664]
.
=============== Created Last 30 ================
.
2012-12-22 11:33:39        32768        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2012-12-22 11:33:39        --------        d-----w-        c:\users\Xxx\appdata\roaming\Spyware Terminator
2012-12-22 11:33:39        --------        d-----w-        c:\programdata\Spyware Terminator
2012-12-22 11:32:52        --------        d-----w-        c:\program files\Spyware Terminator
2012-12-22 09:48:26        --------        d-----w-        c:\users\Xxx\appdata\roaming\Malwarebytes
2012-12-22 09:48:17        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-12-22 09:48:17        --------        d-----w-        c:\programdata\Malwarebytes
2012-12-22 09:48:17        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-12-20 19:38:53        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-20 19:38:53        295424        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-18 02:19:09        --------        d-----w-        c:\users\Xxx\appdata\local\Microsoft Games
2012-12-17 20:44:50        --------        d-----w-        c:\program files\Exifer
2012-12-12 20:27:50        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-12-10 20:25:25        --------        d-----w-        c:\program files\druckstdu.de
2012-12-07 22:11:41        --------        d-----w-        c:\program files\LucasFan Games
2012-12-07 20:48:56        --------        d-----w-        c:\users\Xxx\appdata\roaming\DVDFab
2012-12-05 22:07:57        --------        d-----w-        c:\program files\MPC-HC
2012-11-30 18:05:57        --------        d-----w-        C:\ISO
2012-11-30 17:59:07        --------        d-----w-        c:\programdata\dvdfab
2012-11-30 17:58:23        --------        d-----w-        C:\Temp
2012-11-30 17:54:28        --------        d-----w-        c:\users\Xxx\appdata\roaming\NVIDIA
2012-11-30 17:54:28        --------        d-----w-        C:\Log
2012-11-30 17:54:19        --------        d-----w-        c:\program files\DVDFab 8 Qt
2012-11-30 13:00:11        --------        d-----w-        c:\program files\GeoGebra
2012-11-30 12:58:51        --------        d-----w-        c:\users\Xxx\appdata\roaming\mathegrafix
.
==================== Find3M  ====================
.
2012-12-11 19:30:18        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 19:30:18        697272        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-12-11 14:28:23        83944        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-11-15 18:38:07        36552        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-11-14 02:09:22        1800704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 01:58:15        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 01:49:25        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 01:44:42        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-02 05:11:31        376832        ----a-w-        c:\windows\system32\dpnet.dll
2012-10-16 21:43:38        26984        ----a-w-        c:\windows\system32\drivers\avgtpx86.sys
2012-10-16 07:39:52        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll
2012-10-11 12:46:04        627288        ----a-w-        c:\windows\system32\drivers\SkyNET.sys
2012-10-10 20:15:04        1867112        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-10-10 20:15:00        2574696        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-10-10 20:14:50        888168        ----a-w-        c:\windows\system32\nvdispgenco32.dll
2012-10-10 20:14:50        12501352        ----a-w-        c:\windows\system32\nvwgf2um.dll
2012-10-10 20:14:46        17559912        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-10-10 20:14:44        2428776        ----a-w-        c:\windows\system32\nvapi.dll
2012-10-10 20:14:42        7697768        ----a-w-        c:\windows\system32\nvcuda.dll
2012-10-10 20:14:28        10837352        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:14:22        19906920        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-10-10 20:14:22        1009512        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-10-10 20:14:16        6127464        ----a-w-        c:\windows\system32\nvopencl.dll
2012-10-10 20:14:16        15309160        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-10-09 17:40:31        44032        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31        193536        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-10-08 18:43:22        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-10-08 18:43:22        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-10-04 20:53:42        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-10-04 16:47:18        169984        ----a-w-        c:\windows\system32\winsrv.dll
2012-10-04 16:43:05        293376        ----a-w-        c:\windows\system32\KernelBase.dll
2012-10-04 14:57:58        271360        ----a-w-        c:\windows\system32\conhost.exe
2012-10-04 14:41:50        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30        1293680        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26        52224        ----a-w-        c:\windows\system32\nlaapi.dll
2012-10-03 16:42:26        242176        ----a-w-        c:\windows\system32\nlasvc.dll
2012-10-03 16:42:24        18944        ----a-w-        c:\windows\system32\netevent.dll
2012-10-03 16:42:24        175104        ----a-w-        c:\windows\system32\netcorehc.dll
2012-10-03 16:42:23        156672        ----a-w-        c:\windows\system32\ncsi.dll
2012-10-03 16:40:35        499712        ----a-w-        c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38        35328        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:29:42        645992        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-10-02 19:29:41        62312        ----a-w-        c:\windows\system32\nvshext.dll
2012-10-02 19:29:41        2557288        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-10-02 19:29:41        108392        ----a-w-        c:\windows\system32\nvmctray.dll
2012-10-02 19:29:22        2853224        ----a-w-        c:\windows\system32\nvsvc.dll
2012-10-02 19:28:53        3965288        ----a-w-        c:\windows\system32\nvcpl.dll
2012-10-02 12:15:52        430952        ----a-w-        c:\windows\system32\nvStreaming.exe
2012-09-25 22:47:43        78336        ----a-w-        c:\windows\system32\synceng.dll
2012-09-24 21:16:36        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2003-08-16 00:57:36        270406        ----a-w-        c:\program files\DVD Shrink 3.0 Beta 5.exe
.
============= FINISH: 20:18:38,23 ===============
--- --- ---


und
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04.10.2012 22:09:48
System Uptime: 22.12.2012 20:14:01 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5B-E
Processor: Intel(R) Core(TM)2 CPU          6400  @ 2.13GHz | Socket 775 | 2128/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
B: is FIXED (NTFS) - 640 GiB total, 153,263 GiB free.
C: is FIXED (NTFS) - 109 GiB total, 78,767 GiB free.
D: is FIXED (NTFS) - 1397 GiB total, 128,196 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 463,276 GiB free.
G: is FIXED (NTFS) - 10 GiB total, 5,732 GiB free.
H: is FIXED (NTFS) - 1863 GiB total, 486,361 GiB free.
I: is FIXED (NTFS) - 59 GiB total, 1,412 GiB free.
X: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP53: 18.11.2012 10:31:51 - Windows Update
RP54: 27.11.2012 21:43:15 - Windows Update
RP55: 05.12.2012 15:47:54 - Geplanter Prüfpunkt
RP483: 10.12.2012 23:30:17 - Windows Update
RP56: 12.12.2012 21:35:27 - Windows Update
RP57: 20.12.2012 20:38:29 - Windows Update
RP58: 21.12.2012 22:26:03 - OTL Restore Point - 21.12.2012 22:25:53
RP59: 22.12.2012 18:46:50 - OTL Restore Point - 22.12.2012 18:46:49
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Photoshop Elements 8.0
Adobe Reader X (10.1.4) - Deutsch
Attansic L1 Gigabit Ethernet Driver
Avira Free Antivirus
Brother MFL-Pro Suite DCP-7045N
CloneCD
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
druckstdu.de Designer 1.6.9
DVDFab 8.2.2.2 (23/11/2012) Qt
EASEUS Partition Master 9.1.1 Home Edition
EasyBCD 2.2
Exifer
GeoGebra
Java 7 Update 9
Java Auto Updater
Logitech GamePanel Software 3.04.143
Malwarebytes Anti-Malware Version 1.65.1.1000
Maniac Mansion Deluxe
MathType 5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.1 (x86 de)
Mozilla Maintenance Service
Mp3tag v2.52
MPC-HC 1.6.4.6052
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
neroxml
NVIDIA 3D Vision Controller-Treiber 306.23
NVIDIA 3D Vision Treiber 306.97
NVIDIA Grafiktreiber 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 306.97
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenOffice.org 3.4.1
pdfsam
Personal Backup 5.4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Spyware Terminator 2012
SyncToy 2.1 (x86)
TV-Browser 3.2
UBitMenuDE
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.3
Winamp
Winamp Erkennungs-Plug-in
Wondershare PDF Password Remover (Build 1.3.0)
.
==== End Of File ===========================
das wars

ryder 22.12.2012 21:30
Schritt 1:
Deinstalliere SpywareTerminator


Schritt 2:
Scan mit Combofix
Zitat:
WARNUNG:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

PistolPetede 23.12.2012 10:42
Hier mein combofix.txt:
Code:
ComboFix 12-12-22.02 - Xxx 23.12.2012  10:20:11.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3007.1999 [GMT 1:00]
ausgeführt von:: c:\users\Xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))
.
.
2012-12-22 11:33 . 2011-06-21 10:24        32768        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2012-12-22 09:48 . 2012-12-22 09:48        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Malwarebytes
2012-12-22 09:48 . 2012-12-22 09:48        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-12-22 09:48 . 2012-12-22 09:48        --------        d-----w-        c:\programdata\Malwarebytes
2012-12-22 09:48 . 2012-09-29 18:54        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-12-20 19:38 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-20 19:38 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-18 02:19 . 2012-12-18 02:33        --------        d-----w-        c:\users\Xxx\AppData\Local\Microsoft Games
2012-12-17 20:44 . 2012-12-17 20:44        --------        d-----w-        c:\program files\Exifer
2012-12-12 20:27 . 2012-11-22 02:56        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-12-10 20:25 . 2012-12-10 21:58        --------        d-----w-        c:\program files\druckstdu.de
2012-12-07 22:11 . 2012-12-07 22:11        --------        d-----w-        c:\program files\LucasFan Games
2012-12-07 20:48 . 2012-12-07 20:48        --------        d-----w-        c:\users\Xxx\AppData\Roaming\DVDFab
2012-12-05 22:08 . 2012-12-05 22:08        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Media Player Classic
2012-12-05 22:07 . 2012-12-05 22:07        --------        d-----w-        c:\program files\MPC-HC
2012-11-30 18:05 . 2012-11-30 18:05        --------        d-----w-        C:\ISO
2012-11-30 17:59 . 2012-11-30 17:59        --------        d-----w-        c:\programdata\dvdfab
2012-11-30 17:58 . 2012-11-30 18:00        --------        d-----w-        C:\Temp
2012-11-30 17:54 . 2012-11-30 18:00        --------        d-----w-        C:\Log
2012-11-30 17:54 . 2012-11-30 17:54        --------        d-----w-        c:\users\Xxx\AppData\Roaming\NVIDIA
2012-11-30 17:54 . 2012-11-30 17:54        --------        d-----w-        c:\program files\DVDFab 8 Qt
2012-11-30 13:00 . 2012-11-30 13:00        --------        d-----w-        c:\program files\GeoGebra
2012-11-30 12:58 . 2012-11-30 12:58        --------        d-----w-        c:\users\Xxx\AppData\Roaming\mathegrafix
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 19:30 . 2012-10-04 21:09        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 19:30 . 2012-10-04 21:09        697272        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-12-11 14:28 . 2012-10-04 21:07        83944        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-12-11 14:28 . 2012-10-04 21:07        134336        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-11-15 18:38 . 2012-10-04 21:07        36552        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-10-16 21:43 . 2012-10-16 21:43        26984        ----a-w-        c:\windows\system32\drivers\avgtpx86.sys
2012-10-16 07:39 . 2012-11-27 18:22        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll
2012-10-11 12:46 . 2010-05-10 07:09        627288        ----a-w-        c:\windows\system32\drivers\SkyNET.sys
2012-10-10 20:15 . 2012-10-10 20:15        1867112        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-10-10 20:15 . 2012-10-10 20:15        2574696        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-10-10 20:14 . 2012-10-04 20:24        888168        ----a-w-        c:\windows\system32\nvdispgenco32.dll
2012-10-10 20:14 . 2012-10-04 20:24        12501352        ----a-w-        c:\windows\system32\nvwgf2um.dll
2012-10-10 20:14 . 2012-10-10 20:14        17559912        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-10-10 20:14 . 2012-10-04 20:24        2428776        ----a-w-        c:\windows\system32\nvapi.dll
2012-10-10 20:14 . 2012-10-10 20:14        7697768        ----a-w-        c:\windows\system32\nvcuda.dll
2012-10-10 20:14 . 2012-10-10 20:14        10837352        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:14 . 2012-10-10 20:14        19906920        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-10-10 20:14 . 2012-10-04 20:24        1009512        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-10-10 20:14 . 2012-10-10 20:14        6127464        ----a-w-        c:\windows\system32\nvopencl.dll
2012-10-10 20:14 . 2012-10-04 20:24        15309160        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-10-09 17:40 . 2012-11-16 18:09        44032        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 18:09        193536        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-10-08 18:43 . 2012-10-08 18:43        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-10-08 18:43 . 2012-10-08 18:43        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-10-05 18:39 . 2012-10-05 18:39        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-10-05 18:39 . 2012-10-05 18:39        161792        ----a-w-        c:\windows\system32\msls31.dll
2012-10-05 18:39 . 2012-10-05 18:39        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2012-10-05 18:39 . 2012-10-05 18:39        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-10-05 18:39 . 2012-10-05 18:39        74752        ----a-w-        c:\windows\system32\iesetup.dll
2012-10-05 18:39 . 2012-10-05 18:39        63488        ----a-w-        c:\windows\system32\tdc.ocx
2012-10-05 18:39 . 2012-10-05 18:39        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-10-05 18:39 . 2012-10-05 18:39        367104        ----a-w-        c:\windows\system32\html.iec
2012-10-05 18:39 . 2012-10-05 18:39        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-10-05 18:39 . 2012-10-05 18:39        35840        ----a-w-        c:\windows\system32\imgutil.dll
2012-10-05 18:39 . 2012-10-05 18:39        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2012-10-05 18:39 . 2012-10-05 18:39        152064        ----a-w-        c:\windows\system32\wextract.exe
2012-10-05 18:39 . 2012-10-05 18:39        150528        ----a-w-        c:\windows\system32\iexpress.exe
2012-10-05 18:39 . 2012-10-05 18:39        11776        ----a-w-        c:\windows\system32\mshta.exe
2012-10-05 18:39 . 2012-10-05 18:39        101888        ----a-w-        c:\windows\system32\admparse.dll
2012-10-04 20:53 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-10-03 16:58 . 2012-11-16 18:09        1293680        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-16 18:09        52224        ----a-w-        c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-16 18:09        242176        ----a-w-        c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-16 18:09        18944        ----a-w-        c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-16 18:09        175104        ----a-w-        c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 18:09        156672        ----a-w-        c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-16 18:09        499712        ----a-w-        c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-16 18:09        35328        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:29 . 2012-10-04 20:24        645992        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2012-10-04 20:24        62312        ----a-w-        c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2012-10-04 20:24        2557288        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-10-02 19:29 . 2012-10-04 20:24        108392        ----a-w-        c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2012-10-04 20:24        2853224        ----a-w-        c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2012-10-04 20:24        3965288        ----a-w-        c:\windows\system32\nvcpl.dll
2012-10-02 12:15 . 2012-10-02 12:15        430952        ----a-w-        c:\windows\system32\nvStreaming.exe
2012-09-25 22:47 . 2012-11-16 18:09        78336        ----a-w-        c:\windows\system32\synceng.dll
2012-09-24 21:16 . 2012-10-08 18:43        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2003-08-16 00:57 . 2012-10-07 11:11        270406        ----a-w-        c:\program files\DVD Shrink 3.0 Beta 5.exe
2012-12-07 11:27 . 2012-12-07 11:27        262112        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-10-7 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup        REG_MULTI_SZ          GPSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 19:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l4ouc8my.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
FF - ExtSQL: 2012-12-02 21:37; toolbar@web.de; c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l4ouc8my.default\extensions\toolbar@web.de.xpi
FF - ExtSQL: 2012-12-08 13:52; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l4ouc8my.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-23  10:32:45
ComboFix-quarantined-files.txt  2012-12-23 09:32
.
Vor Suchlauf: 11 Verzeichnis(se), 84.035.747.840 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 83.948.466.176 Bytes frei
.
- - End Of File - - 4E35F508D5B369E452D4680762B1B400

ryder 23.12.2012 11:17
Bevor es weiter geht:
Hast du noch das Problem?

PistolPetede 23.12.2012 13:43
Ja, das Problem ist noch da. Frage am Rande: kannst du sageb, ob das gefährlich für das System ist oder ob da was ausgespäht wurde?

ryder 23.12.2012 13:58
Das weiß man leider nie so genau.

Zum Eingrenzen: Seit wann hast du das Problem ungefähr?

Customscan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
  • Stelle folgendes ein:
    • Haken bei "Alle Benutzer scannen" und "Inklusive 64bit Scans"
    • Ausgabe: Minimal
    • Benutze SafeList in jedem Feld.
    • Haken bei "Benutze Hersteller-Whitelist"
    • Dateien erstellt und verändert innerhalb Datei-Alter
    • Haken bei LOP Prüfung und Purity Prüfung
  • Kopiere nun den Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES(X86)%\*.*
%appdata%\*.
%appdata%\*.*
%localappdata%\*.
%localappdata%\*.*
%allusersprofile%\*.
%allusersprofile%\*.*
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread (möglichst in CODE-Tags)

PistolPetede 23.12.2012 16:03
hier OTL.txt:
Code:
OTL logfile created on: 23.12.2012 15:48:59 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Xxx\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 75,09% Memory free
5,87 Gb Paging File | 5,14 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,38 Gb Total Space | 78,25 Gb Free Space | 71,54% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 128,20 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 463,28 Gb Free Space | 49,73% Space Free | Partition Type: NTFS
Drive G: | 9,86 Gb Total Space | 5,73 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 486,36 Gb Free Space | 26,11% Space Free | Partition Type: NTFS
Drive I: | 58,92 Gb Total Space | 1,41 Gb Free Space | 2,40% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: XXX | User Name: Xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater13.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Xxx\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (SKYNET) -- C:\Windows\System32\drivers\SkyNET.sys (TechniSat Digital, S.A.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 74 EA 8A 18 A7 CD 01  [binary data]
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1003\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4.1
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 12:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 12:27:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 12:27:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 12:27:43 | 000,000,000 | ---D | M]
 
[2012.10.04 22:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions
[2012.12.15 18:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\l4ouc8my.default\extensions
[2012.12.02 21:37:50 | 000,566,966 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\toolbar@web.de.xpi
[2012.12.09 17:44:28 | 000,347,581 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.15 18:20:43 | 000,316,317 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.11.25 16:01:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.30 13:59:10 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.12.08 13:52:57 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.12.02 21:37:53 | 000,002,273 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\englische-ergebnisse.xml
[2012.12.02 21:37:53 | 000,010,563 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\gmx-suche.xml
[2012.12.02 21:37:53 | 000,002,432 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\lastminute.xml
[2012.12.02 21:37:53 | 000,005,545 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\webde-suche.xml
[2012.12.07 12:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.07 12:27:47 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.11.02 09:12:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.02 09:12:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.02 09:12:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.02 09:12:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.02 09:12:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.02 09:12:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.23 10:29:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKU\S-1-5-21-2986282668-171375975-58925643-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2986282668-171375975-58925643-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2986282668-171375975-58925643-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2986282668-171375975-58925643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2986282668-171375975-58925643-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B9F1D5D-50DF-4CF7-8F33-5CB646D4F9B7}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D75BEE7C-FAF2-453E-9A79-54EA6940B384}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {60702D8B-5E32-B289-79CA-87872305474F} - Microsoft Windows Media Player 12.0
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.23 10:32:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.23 10:32:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.23 10:32:48 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\temp
[2012.12.23 10:19:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.23 10:19:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.23 10:19:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 10:14:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 10:14:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 10:10:44 | 005,012,898 | R--- | C] (Swearware) -- C:\Users\Xxx\Desktop\ComboFix.exe
[2012.12.22 20:12:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Xxx\Desktop\dds.com
[2012.12.22 20:12:11 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Xxx\Desktop\TFC.exe
[2012.12.22 12:12:39 | 000,937,224 | ---- | C] (Crawler.com                                                ) -- C:\Users\Xxx\Desktop\SpywareTerminator30074Setup.exe
[2012.12.22 10:48:26 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2012.12.22 10:48:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.22 10:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.22 10:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.22 10:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.22 10:47:53 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Xxx\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.21 21:49:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Xxx\Desktop\OTL.exe
[2012.12.21 21:47:47 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Xxx\Desktop\tdsskiller.exe
[2012.12.18 03:19:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Microsoft Games
[2012.12.17 21:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exifer
[2012.12.17 21:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Exifer
[2012.12.12 21:37:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.12 21:37:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.12 21:37:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.12 21:37:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.12 21:37:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.12 21:37:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.12 21:37:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.12 21:37:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.12 21:27:50 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.12 21:27:47 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.12 21:27:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.12 21:27:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 21:27:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 21:27:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 21:27:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 21:27:42 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.12 21:27:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.11 13:20:49 | 000,000,000 | ---D | C] -- g:\Eigene Dateien\DVDFab Passkey
[2012.12.11 09:54:54 | 000,000,000 | ---D | C] -- g:\Eigene Dateien\Eigene Projekte bei druckstdu
[2012.12.10 22:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\druckstdu.de
[2012.12.10 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\druckstdu.de
[2012.12.10 20:13:35 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\Sabine
[2012.12.07 23:12:16 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maniac Mansion Deluxe
[2012.12.07 23:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maniac Mansion Deluxe
[2012.12.07 23:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\LucasFan Games
[2012.12.07 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\DVDFab
[2012.12.07 12:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.12.05 23:08:37 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Media Player Classic
[2012.12.05 23:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.12.05 23:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.11.30 19:05:57 | 000,000,000 | ---D | C] -- C:\ISO
[2012.11.30 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2012.11.30 18:58:23 | 000,000,000 | ---D | C] -- C:\Temp
[2012.11.30 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA
[2012.11.30 18:54:28 | 000,000,000 | ---D | C] -- C:\Log
[2012.11.30 18:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012.11.30 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8 Qt
[2012.11.30 14:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra
[2012.11.30 14:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\GeoGebra
[2012.11.30 13:58:51 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\mathegrafix
[2012.10.07 12:11:19 | 000,270,406 | ---- | C] (DVD Shrink) -- C:\Program Files\DVD Shrink 3.0 Beta 5.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.23 15:38:44 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 15:38:44 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 15:38:26 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.23 15:38:26 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.23 15:38:26 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.23 15:38:26 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.23 15:31:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.23 15:31:22 | 2364,940,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 10:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.23 10:29:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.23 10:10:56 | 005,012,898 | R--- | M] (Swearware) -- C:\Users\Xxx\Desktop\ComboFix.exe
[2012.12.22 20:12:26 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Xxx\Desktop\dds.com
[2012.12.22 20:12:13 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Xxx\Desktop\TFC.exe
[2012.12.22 20:12:02 | 000,547,175 | ---- | M] () -- C:\Users\Xxx\Desktop\adwcleaner.exe
[2012.12.22 12:12:39 | 000,937,224 | ---- | M] (Crawler.com                                                ) -- C:\Users\Xxx\Desktop\SpywareTerminator30074Setup.exe
[2012.12.22 10:48:18 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 10:47:56 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Xxx\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.21 21:49:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xxx\Desktop\OTL.exe
[2012.12.21 21:47:47 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Xxx\Desktop\tdsskiller.exe
[2012.12.21 06:19:38 | 000,425,671 | ---- | M] () -- C:\Users\Xxx\Desktop\Weihnachtsbild.jpg
[2012.12.21 06:17:46 | 000,620,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.17 21:44:50 | 000,000,888 | ---- | M] () -- C:\Users\Xxx\Desktop\Exifer.lnk
[2012.12.11 15:28:23 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.12.11 15:28:23 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.12.11 13:22:01 | 000,000,336 | ---- | M] () -- C:\Users\Xxx\Desktop\BR-Laufwerk (X).lnk
[2012.12.09 17:44:02 | 001,422,466 | ---- | M] () -- C:\Users\Xxx\Desktop\Ritterburg.mp4
[2012.12.05 16:12:56 | 000,220,298 | ---- | M] () -- C:\Users\Xxx\Desktop\Baustelle.jpg
[2012.11.30 18:54:24 | 000,000,973 | ---- | M] () -- C:\Users\Xxx\Desktop\DVDFab 8 Qt.lnk
[2012.11.30 17:17:20 | 000,050,277 | ---- | M] () -- C:\Users\Xxx\Desktop\Terminplan CSG.pdf
[2012.11.30 14:00:13 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\GeoGebra.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.23 10:19:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.23 10:19:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.23 10:19:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.23 10:19:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.23 10:19:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.22 20:12:02 | 000,547,175 | ---- | C] () -- C:\Users\Xxx\Desktop\adwcleaner.exe
[2012.12.22 12:33:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.12.22 10:48:18 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.21 06:19:38 | 000,425,671 | ---- | C] () -- C:\Users\Xxx\Desktop\Weihnachtsbild.jpg
[2012.12.17 21:44:50 | 000,000,888 | ---- | C] () -- C:\Users\Xxx\Desktop\Exifer.lnk
[2012.12.11 13:22:01 | 000,000,336 | ---- | C] () -- C:\Users\Xxx\Desktop\BR-Laufwerk (X).lnk
[2012.12.09 17:44:02 | 001,422,466 | ---- | C] () -- C:\Users\Xxx\Desktop\Ritterburg.mp4
[2012.12.05 16:05:34 | 000,220,298 | ---- | C] () -- C:\Users\Xxx\Desktop\Baustelle.jpg
[2012.11.30 18:54:24 | 000,000,973 | ---- | C] () -- C:\Users\Xxx\Desktop\DVDFab 8 Qt.lnk
[2012.11.30 17:17:20 | 000,050,277 | ---- | C] () -- C:\Users\Xxx\Desktop\Terminplan CSG.pdf
[2012.11.30 14:00:13 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\GeoGebra.lnk
[2012.10.08 18:44:00 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.10.08 18:43:59 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.10.08 18:43:59 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.10.08 18:43:59 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.10.08 18:43:59 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.10.05 21:35:35 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.10.05 21:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7045N.DAT
[2012.10.05 21:34:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.10.05 21:34:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.10.05 18:41:35 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.10.05 18:41:35 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.10.04 21:20:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.07 12:13:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Design Science
[2012.12.07 21:48:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDFab
[2012.10.09 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\FastCopy
[2012.11.30 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\mathegrafix
[2012.10.08 20:33:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Mp3tag
[2012.10.07 12:05:50 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\OpenOffice.org
[2012.12.16 11:40:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\PersBackup5
[2012.12.18 21:34:31 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TV-Browser
[2012.10.04 22:57:47 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\UBitMenu
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.23 10:32:53 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.10.31 23:28:12 | 000,000,000 | ---D | M] -- C:\Boot
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.10.04 21:09:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.04 21:20:44 | 000,000,000 | ---D | M] -- C:\Intel
[2012.11.30 19:05:57 | 000,000,000 | ---D | M] -- C:\ISO
[2012.11.30 19:00:47 | 000,000,000 | ---D | M] -- C:\Log
[2012.10.04 22:22:01 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012.10.10 11:49:35 | 000,000,000 | ---D | M] -- C:\NST
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.23 10:10:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.23 10:10:20 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.10.04 21:09:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.23 10:32:50 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.10.04 21:09:47 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.10.11 18:38:25 | 000,000,000 | ---D | M] -- C:\SharePoint-Entwürfe
[2012.12.23 15:50:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.30 19:00:49 | 000,000,000 | ---D | M] -- C:\Temp
[2012.10.04 21:25:24 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.23 10:32:48 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012.12.22 20:13:15 | 000,005,341 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012.10.10 11:49:41 | 000,000,345 | RHS- | M] () -- C:\boot.ini
[2004.08.04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2012.10.30 09:47:14 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012.12.23 10:32:46 | 000,012,919 | ---- | M] () -- C:\ComboFix.txt
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012.12.23 15:31:22 | 2364,940,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 11:39:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.10.10 13:39:41 | 000,118,904 | ---- | M] () -- C:\metal.jpg
[2012.10.10 11:39:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.10.10 11:49:41 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM
[2008.04.13 23:01:56 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2012.12.23 15:31:23 | 3153,256,448 | -HS- | M] () -- C:\pagefile.sys
[2012.12.21 21:48:15 | 000,257,784 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_21.12.2012_21.47.55_log.txt
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2003.08.16 01:57:36 | 000,270,406 | ---- | M] (DVD Shrink) -- C:\Program Files\DVD Shrink 3.0 Beta 5.exe
Invalid Environment Variable: PROGRAMFILES(X86)
 
< %appdata%\*.  >
[2012.10.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Adobe
[2012.10.10 07:13:28 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Ahead
[2012.10.04 22:12:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Avira
[2012.10.07 12:13:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Design Science
[2012.11.30 19:37:28 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVD Shrink 3.0
[2012.11.08 10:53:06 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\dvdcss
[2012.12.07 21:48:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDFab
[2012.10.09 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\FastCopy
[2012.10.04 21:10:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Identities
[2012.10.05 21:34:36 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\InstallShield
[2012.10.04 22:10:02 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Macromedia
[2012.12.22 10:48:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2012.11.30 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\mathegrafix
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Media Center Programs
[2012.12.05 23:08:37 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Media Player Classic
[2012.10.11 15:09:04 | 000,000,000 | --SD | M] -- C:\Users\Xxx\AppData\Roaming\Microsoft
[2012.10.04 22:02:31 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Mozilla
[2012.10.08 20:33:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Mp3tag
[2012.11.30 18:54:28 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\NVIDIA
[2012.10.07 12:05:50 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\OpenOffice.org
[2012.12.16 11:40:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\PersBackup5
[2012.12.18 21:34:31 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TV-Browser
[2012.10.04 22:57:47 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\UBitMenu
[2012.12.18 09:03:39 | 000,000,000 | -H-D | M] -- C:\Users\Xxx\AppData\Roaming\vlc
[2012.10.04 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Winamp
 
< %appdata%\*.*  >
 
< %localappdata%\*.  >
[2012.10.12 19:02:28 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\Adobe
[2012.10.08 21:23:17 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\Ahead
[2012.10.04 21:10:01 | 000,000,000 | -HSD | M] -- C:\Users\Xxx\AppData\Local\Anwendungsdaten
[2012.12.08 08:47:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\Diagnostics
[2012.10.20 13:15:54 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\Logitech
[2012.10.04 22:10:02 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\Macromedia
[2012.12.17 21:31:12 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\Microsoft
[2012.12.18 03:33:25 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\Microsoft Games
[2012.10.10 07:30:36 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\Microsoft Help
[2012.10.04 22:02:27 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\Mozilla
[2012.10.09 18:12:29 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\NeoSmart_Technologies
[2012.12.23 15:48:39 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\temp
[2012.10.04 21:10:01 | 000,000,000 | -HSD | M] -- C:\Users\Xxx\AppData\Local\Temporary Internet Files
[2012.10.04 21:10:01 | 000,000,000 | -HSD | M] -- C:\Users\Xxx\AppData\Local\Verlauf
[2012.10.08 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2012.12.10 21:25:45 | 000,137,488 | ---- | M] () -- C:\Users\Xxx\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.12.23 14:03:39 | 004,875,487 | -H-- | M] () -- C:\Users\Xxx\AppData\Local\IconCache.db
 
< %allusersprofile%\*.  >
[2012.11.13 14:43:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2012.10.08 21:16:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Ahead
[2012.10.04 21:09:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.10.04 22:07:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2012.11.06 17:10:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2012.11.18 10:22:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Blizzard Entertainment
[2012.10.05 21:34:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Brother
[2012.10.11 13:51:46 | 000,000,000 | ---D | M] -- C:\ProgramData\CMUV
[2012.10.16 22:43:35 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012.10.04 21:09:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012.11.30 18:59:07 | 000,000,000 | ---D | M] -- C:\ProgramData\dvdfab
[2012.10.04 21:09:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.10.16 19:53:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\FLEXnet
[2012.10.20 13:15:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Logitech
[2012.12.22 10:48:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012.10.11 15:09:04 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.12.12 21:38:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.10.04 22:02:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012.10.08 21:14:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero
[2012.12.23 15:31:28 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2012.10.04 21:24:32 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012.10.04 21:09:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012.10.08 19:43:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\Sun
[2012.10.08 18:32:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Synology
[2012.10.11 13:50:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Technisat
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012.10.04 21:09:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
 
< %allusersprofile%\*.* >
 
<          >
[2009.07.14 05:53:46 | 000,032,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.10.04 22:09:29 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >
und hier Extras.txt:
Code:
OTL Extras logfile created on: 23.12.2012 15:48:59 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Xxx\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 75,09% Memory free
5,87 Gb Paging File | 5,14 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,38 Gb Total Space | 78,25 Gb Free Space | 71,54% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 128,20 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 463,28 Gb Free Space | 49,73% Space Free | Partition Type: NTFS
Drive G: | 9,86 Gb Total Space | 5,73 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 486,36 Gb Free Space | 26,11% Space Free | Partition Type: NTFS
Drive I: | 58,92 Gb Total Space | 1,41 Gb Free Space | 2,40% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: XXX | User Name: Xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2986282668-171375975-58925643-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{260ECEF8-52FE-4CE4-83FA-467B97E894FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{41A0709A-827F-4025-B57D-74BB2F9950FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{545EACDB-DBC3-4B6B-897F-6DD43827A346}" = rport=139 | protocol=6 | dir=out | app=system |
"{559E74D7-9B52-4217-9A92-5C21E5F0F7D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{659B67BA-4FA0-4DC1-8823-8ED1ECFC184B}" = rport=445 | protocol=6 | dir=out | app=system |
"{7E9A995B-DEEB-4201-87A1-16D85605DFF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84CD4A86-27B2-4C35-9B92-7F44F1D5C95F}" = lport=445 | protocol=6 | dir=in | app=system |
"{8A2C4E55-0506-4F1A-957D-59CD2398C685}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8DAB3CCD-E003-4445-84D1-F1D7FFDC50B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8E0E4018-0DB3-489C-9A74-A022139A8C5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABBADDA1-F2ED-4660-985D-BAB53B1067C8}" = rport=137 | protocol=17 | dir=out | app=system |
"{B0474B44-05B5-4757-9CF5-B9E18873FC66}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B82868D5-A801-4322-AC5F-E69E5C02280F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8D885D1-F707-4A94-8A43-878A0D7535F1}" = lport=139 | protocol=6 | dir=in | app=system |
"{C1F587F0-AED2-4BA5-B0FB-0874C516C39D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6152428-57E2-44D9-A445-F03F6E77893C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D99AEA42-00B3-41B9-9A84-F96240CE15AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAF53D5E-15A0-422E-8D7F-6C951724DD0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBFD28BB-8052-413D-BE88-BB75E07155EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB6F6967-6F63-4E66-988F-FA80CB196702}" = lport=138 | protocol=17 | dir=in | app=system |
"{EE8D16DC-15AA-46B0-AF5A-AA65AE6B60FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1B44D30-2543-41C2-BAE5-4E0DEAA9E962}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD5131B6-D822-4E61-9D1D-5544548D5440}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19796979-1808-43DB-9B89-9320BEFADBBA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{31EE915A-503B-4AE2-8DA2-E3CB579EF921}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{331CE90D-5850-4B1F-9978-68F835FF82F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EAEE201-599C-4A4B-A876-F39181903BCC}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe |
"{5A2F64AA-9801-4449-B914-B910C9E88939}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B6CDA8C-E0FE-4D11-B257-033ECD8EE054}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5D64DB2B-F68C-4111-AF60-6E408548E813}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BDE143B-10F2-41EB-B38E-54BC2C6BE088}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{71DAFC11-BB9E-43F0-B8C5-CABD4FAB3B0A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72021E8C-6E99-485F-AE3D-3027F95ABB83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{734FE830-5927-4BF1-B1C9-CADCFB0FAFFD}" = protocol=6 | dir=out | app=system |
"{80BBD45E-DB51-433F-9F7C-C630D3F416E4}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe |
"{96CEEA04-C5B3-473D-A2F1-07D4394AC1FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A02DFE4C-6965-4AB8-B580-4C51DAD967C7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{AFA82716-CA98-43A0-B7DE-C3208F270DCA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7176462-52C7-4BF3-BD5D-213FB5E2E6CD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{C1107AFA-4F09-400B-8581-048D026475DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D02EABCC-219E-4002-B381-B4BE5B898167}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D87F70C5-EAA3-454C-8006-9FB8467511D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA608886-664D-4EC7-8AC0-746C9C2A6F5E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E407F026-8824-4A0D-863F-EDA8279B416D}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe |
"{E5422EBC-023F-41A7-9BF8-0E3D7A1DCA8C}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe |
"{E759D9F3-F553-44F7-89BC-B4D5F66EE3A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEB7DCAB-AD02-4E9E-BA39-2FAF60695CA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2165B3DD-AFEA-4CD2-B281-B9F8779EB888}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{78542CE7-F2B5-416C-8177-8010FF71E7E9}C:\users\Xxx\desktop\dsassistant_1920\win\dsassistant.exe" = protocol=6 | dir=in | app=c:\users\Xxx\desktop\dsassistant_1920\win\dsassistant.exe |
"TCP Query User{943F4162-5872-42B4-AFFC-AB43B3B68AEE}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{A84A81F1-72BB-4A81-8C4E-5DE1F2870A12}I:\program files\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=i:\program files\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{1B4C0DC6-C1E8-4899-93E3-9E0207C0157B}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{7C8E696C-9BC7-409F-B0C2-D24E179402BA}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{84BE70BB-F338-41BA-8BF4-54E4428CAA65}C:\users\Xxx\desktop\dsassistant_1920\win\dsassistant.exe" = protocol=17 | dir=in | app=c:\users\Xxx\desktop\dsassistant_1920\win\dsassistant.exe |
"UDP Query User{93F511FF-F405-48BD-AADE-EFF271973B63}I:\program files\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=i:\program files\starcraft ii\versions\base23260\sc2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1" = Wondershare PDF Password Remover (Build 1.3.0)
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite DCP-7045N
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Attansic L1 Gigabit Ethernet Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneCD" = CloneCD
"druckstdu.de Designer 1.6.9_is1" = druckstdu.de Designer 1.6.9
"DSMT5" = MathType 5
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.2 (23/11/2012) Qt
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"EasyBCD" = EasyBCD 2.2
"Exifer_is1" = Exifer
"GeoGebra" = GeoGebra
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"pdfsam" = pdfsam
"Personal Backup 5_is1" = Personal Backup 5.4
"tvbrowser" = TV-Browser 3.2
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2986282668-171375975-58925643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.12.2012 07:36:24 | Computer Name = Xxx | Source = Application Hang | ID = 1002
Description = Programm Persbackup.exe, Version 5.4.2.1 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e4c    Startzeit:
01cddb7ebfd5d00b    Endzeit: 16    Anwendungspfad: C:\Program Files\Personal Backup 5\Persbackup.exe

Berichts-ID:
 
 
Error - 17.12.2012 17:52:50 | Computer Name = Xxx | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/17 22:52:50.687]: [00000360]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5 
 
Error - 17.12.2012 18:23:02 | Computer Name = Xxx | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/17 23:23:02.671]: [00000360]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5 
 
Error - 17.12.2012 22:08:19 | Computer Name = Xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: druckstdu.exe, Version: 2.0.0.3,
Zeitstempel: 0x4f15946b  Name des fehlerhaften Moduls: druckstdu.exe, Version: 2.0.0.3,
 Zeitstempel: 0x4f15946b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001bc899  ID des fehlerhaften
 Prozesses: 0x550  Startzeit der fehlerhaften Anwendung: 0x01cddc91ddbe8bdc  Pfad der
 fehlerhaften Anwendung: C:\Program Files\druckstdu.de\druckstdu.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\druckstdu.de\druckstdu.exe  Berichtskennung: ca328a1b-48b7-11e2-8107-0018f3649394
 
Error - 22.12.2012 13:12:01 | Computer Name = Xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3199,
Zeitstempel: 0x4ee2440b  Name des fehlerhaften Moduls: winamp.exe, Version: 5.6.2.3199,
 Zeitstempel: 0x4ee2440b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004029b  ID des fehlerhaften
 Prozesses: 0xbb4  Startzeit der fehlerhaften Anwendung: 0x01cde0676c690782  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Winamp\winamp.exe  Berichtskennung: b2bf2ac4-4c5a-11e2-9447-0018f3649394
 
Error - 22.12.2012 14:13:38 | Computer Name = Xxx | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/22 19:13:38.888]: [00000288]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5 
 
Error - 22.12.2012 14:13:49 | Computer Name = Xxx | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/22 19:13:49.749]: [00000288]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5 
 
Error - 22.12.2012 14:13:50 | Computer Name = Xxx | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/22 19:13:50.763]: [00000288]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5 
 
Error - 22.12.2012 14:13:51 | Computer Name = Xxx | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/22 19:13:51.777]: [00000288]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5 
 
Error - 23.12.2012 05:24:45 | Computer Name = Xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PEV.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e06cfe8  Name des fehlerhaften Moduls: PEV.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e06cfe8  Ausnahmecode: 0x40000015  Fehleroffset: 0x0008d1c0  ID des fehlerhaften Prozesses:
 0xe4c  Startzeit der fehlerhaften Anwendung: 0x01cde0ef58025e54  Pfad der fehlerhaften
 Anwendung: C:\ComboFix\PEV.exe  Pfad des fehlerhaften Moduls: C:\ComboFix\PEV.exe
Berichtskennung:
 966af5ea-4ce2-11e2-916d-0018f3649394
 
[ System Events ]
Error - 18.12.2012 16:34:37 | Computer Name = Xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 18.12.2012 16:34:38 | Computer Name = Xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 18.12.2012 16:34:39 | Computer Name = Xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 18.12.2012 16:34:39 | Computer Name = Xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 18.12.2012 16:41:42 | Computer Name = Xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.
 
Error - 22.12.2012 15:15:42 | Computer Name = Xxx | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 22.12.2012 15:16:05 | Computer Name = Xxx | Source = Service Control Manager | ID = 7034
Description = Dienst "Spyware Terminator 2012 Realtime Shield Service" wurde unerwartet
 beendet. Dies ist bereits 1 Mal passiert.
 
Error - 23.12.2012 05:19:58 | Computer Name = Xxx | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 23.12.2012 05:22:27 | Computer Name = Xxx | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 23.12.2012 05:29:43 | Computer Name = Xxx | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
Zwischendurch: Schonmal DANKE für Deine Hilfe!!!

ryder 23.12.2012 16:11
Fix mit OTL

Zitat:
Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.
Code:
:OTL
SRV - (vToolbarUpdater13.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.4
[2012.11.30 13:59:10 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

:files
C:\Programme\Common Files\AVG Secure Search


:commands
[Emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
  • Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.

Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTL scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein! :kaffee:


Immer noch Probleme?

PistolPetede 23.12.2012 20:57
Die Google Probleme sind noch da. Ich weiß ja nicht, aber normal ist doch nicht, dass nach ca. 1 sec. auf der google-Treffer-Seite plözlich neue Treffer wie: worddictionary.co.uk/; premiumdatingclub.com/; premium-dating-club.com/; topbrandgifts.com/; ... unter den ersten fünf auftauchen, oder?!?

Was hat eigentlicg OTL jetzt gemacht, mein TabMixPlus ist z.B. nicht mehr da.

die OTL.txt Datei:
Code:
All processes killed
========== OTL ==========
Service vToolbarUpdater13.2.0 stopped successfully!
Service vToolbarUpdater13.2.0 deleted successfully!
C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe moved successfully.
Prefs.js: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.4 removed from extensions.enabledAddons
C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi moved successfully.
========== FILES ==========
C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0 folder moved successfully.
C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Programme\Common Files\AVG Secure Search folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Xxx
->Temp folder emptied: 31813 bytes
->Temporary Internet Files folder emptied: 531038 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 103769811 bytes
->Flash cache emptied: 1190 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5708 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 100,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12232012_204907

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ryder 23.12.2012 21:06
Natürlich ist das nicht normal.

Ich brauche jetzt nochmal ein Kontroll-Logfile und muss mir das nochmal genau ansehen:
Kontrollscan mit OTL
  • Starte bitte OTL.exe - falls noch nicht vorhanden: LINK
  • Stelle sicher, dass "Alle Benuzter Scannen" angehakt ist!
  • Drücke den Quick Scan Button.
  • Poste die OTL.txt hier in deinen Thread.

PistolPetede 23.12.2012 23:04
Hier das OTL.txt-file:
Code:
OTL logfile created on: 23.12.2012 23:00:12 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Xxx\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 74,54% Memory free
5,87 Gb Paging File | 5,10 Gb Available in Paging File | 86,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,38 Gb Total Space | 79,34 Gb Free Space | 72,54% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 128,20 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 463,28 Gb Free Space | 49,73% Space Free | Partition Type: NTFS
Drive F: | 14,92 Gb Total Space | 8,66 Gb Free Space | 58,05% Space Free | Partition Type: FAT32
Drive G: | 9,86 Gb Total Space | 5,73 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 486,36 Gb Free Space | 26,11% Space Free | Partition Type: NTFS
Drive I: | 58,92 Gb Total Space | 1,41 Gb Free Space | 2,40% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: XXX | User Name: Xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Xxx\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (SKYNET) -- C:\Windows\System32\drivers\SkyNET.sys (TechniSat Digital, S.A.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 74 EA 8A 18 A7 CD 01  [binary data]
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2986282668-171375975-58925643-1003\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 12:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 12:27:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 12:27:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 12:27:43 | 000,000,000 | ---D | M]
 
[2012.10.04 22:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions
[2012.12.23 20:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\l4ouc8my.default\extensions
[2012.12.02 21:37:50 | 000,566,966 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\toolbar@web.de.xpi
[2012.12.09 17:44:28 | 000,347,581 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.15 18:20:43 | 000,316,317 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.11.25 16:01:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.08 13:52:57 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.12.23 20:51:07 | 000,000,911 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\11-suche.xml
[2012.12.02 21:37:53 | 000,002,273 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\englische-ergebnisse.xml
[2012.12.02 21:37:53 | 000,010,563 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\gmx-suche.xml
[2012.12.02 21:37:53 | 000,002,432 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\lastminute.xml
[2012.12.02 21:37:53 | 000,005,545 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\l4ouc8my.default\searchplugins\webde-suche.xml
[2012.12.07 12:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.07 12:27:47 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.11.02 09:12:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.02 09:12:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.02 09:12:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.02 09:12:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.02 09:12:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.02 09:12:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.23 10:29:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKU\S-1-5-21-2986282668-171375975-58925643-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2986282668-171375975-58925643-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2986282668-171375975-58925643-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2986282668-171375975-58925643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2986282668-171375975-58925643-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B9F1D5D-50DF-4CF7-8F33-5CB646D4F9B7}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D75BEE7C-FAF2-453E-9A79-54EA6940B384}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.23 20:49:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.23 10:32:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.23 10:32:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.23 10:32:48 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\temp
[2012.12.23 10:19:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.23 10:19:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.23 10:19:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 10:14:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 10:14:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 10:10:44 | 005,012,898 | R--- | C] (Swearware) -- C:\Users\Xxx\Desktop\ComboFix.exe
[2012.12.22 20:12:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Xxx\Desktop\dds.com
[2012.12.22 20:12:11 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Xxx\Desktop\TFC.exe
[2012.12.22 12:12:39 | 000,937,224 | ---- | C] (Crawler.com                                                ) -- C:\Users\Xxx\Desktop\SpywareTerminator30074Setup.exe
[2012.12.22 10:48:26 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2012.12.22 10:48:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.22 10:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.22 10:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.22 10:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.22 10:47:53 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Xxx\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.21 21:49:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Xxx\Desktop\OTL.exe
[2012.12.21 21:47:47 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Xxx\Desktop\tdsskiller.exe
[2012.12.18 03:19:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Microsoft Games
[2012.12.17 21:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exifer
[2012.12.17 21:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Exifer
[2012.12.11 13:20:49 | 000,000,000 | ---D | C] -- g:\Eigene Dateien\DVDFab Passkey
[2012.12.11 09:54:54 | 000,000,000 | ---D | C] -- g:\Eigene Dateien\Eigene Projekte bei druckstdu
[2012.12.10 22:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\druckstdu.de
[2012.12.10 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\druckstdu.de
[2012.12.10 20:13:35 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\Sabine
[2012.12.07 23:12:16 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maniac Mansion Deluxe
[2012.12.07 23:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maniac Mansion Deluxe
[2012.12.07 23:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\LucasFan Games
[2012.12.07 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\DVDFab
[2012.12.07 12:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.12.05 23:08:37 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Media Player Classic
[2012.12.05 23:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.12.05 23:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.11.30 19:05:57 | 000,000,000 | ---D | C] -- C:\ISO
[2012.11.30 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2012.11.30 18:58:23 | 000,000,000 | ---D | C] -- C:\Temp
[2012.11.30 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA
[2012.11.30 18:54:28 | 000,000,000 | ---D | C] -- C:\Log
[2012.11.30 18:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012.11.30 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8 Qt
[2012.11.30 14:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra
[2012.11.30 14:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\GeoGebra
[2012.11.30 13:58:51 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\mathegrafix
[2012.10.07 12:11:19 | 000,270,406 | ---- | C] (DVD Shrink) -- C:\Program Files\DVD Shrink 3.0 Beta 5.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.23 22:56:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.23 22:56:46 | 2364,940,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 20:57:24 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 20:57:24 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 20:54:25 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.23 20:54:25 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.23 20:54:25 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.23 20:54:25 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.23 16:08:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.23 10:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.23 10:29:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.23 10:10:56 | 005,012,898 | R--- | M] (Swearware) -- C:\Users\Xxx\Desktop\ComboFix.exe
[2012.12.22 20:12:26 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Xxx\Desktop\dds.com
[2012.12.22 20:12:13 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Xxx\Desktop\TFC.exe
[2012.12.22 20:12:02 | 000,547,175 | ---- | M] () -- C:\Users\Xxx\Desktop\adwcleaner.exe
[2012.12.22 12:12:39 | 000,937,224 | ---- | M] (Crawler.com                                                ) -- C:\Users\Xxx\Desktop\SpywareTerminator30074Setup.exe
[2012.12.22 10:48:18 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 10:47:56 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Xxx\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.21 21:49:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xxx\Desktop\OTL.exe
[2012.12.21 21:47:47 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Xxx\Desktop\tdsskiller.exe
[2012.12.21 06:19:38 | 000,425,671 | ---- | M] () -- C:\Users\Xxx\Desktop\Weihnachtsbild.jpg
[2012.12.21 06:17:46 | 000,620,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.17 21:44:50 | 000,000,888 | ---- | M] () -- C:\Users\Xxx\Desktop\Exifer.lnk
[2012.12.11 15:28:23 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.12.11 15:28:23 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.12.11 13:22:01 | 000,000,336 | ---- | M] () -- C:\Users\Xxx\Desktop\BR-Laufwerk (X).lnk
[2012.12.09 17:44:02 | 001,422,466 | ---- | M] () -- C:\Users\Xxx\Desktop\Ritterburg.mp4
[2012.12.05 16:12:56 | 000,220,298 | ---- | M] () -- C:\Users\Xxx\Desktop\Baustelle.jpg
[2012.11.30 18:54:24 | 000,000,973 | ---- | M] () -- C:\Users\Xxx\Desktop\DVDFab 8 Qt.lnk
[2012.11.30 17:17:20 | 000,050,277 | ---- | M] () -- C:\Users\Xxx\Desktop\Terminplan CSG.pdf
[2012.11.30 14:00:13 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\GeoGebra.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.23 16:08:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.23 10:19:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.23 10:19:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.23 10:19:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.23 10:19:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.23 10:19:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.22 20:12:02 | 000,547,175 | ---- | C] () -- C:\Users\Xxx\Desktop\adwcleaner.exe
[2012.12.22 12:33:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.12.22 10:48:18 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.21 06:19:38 | 000,425,671 | ---- | C] () -- C:\Users\Xxx\Desktop\Weihnachtsbild.jpg
[2012.12.17 21:44:50 | 000,000,888 | ---- | C] () -- C:\Users\Xxx\Desktop\Exifer.lnk
[2012.12.11 13:22:01 | 000,000,336 | ---- | C] () -- C:\Users\Xxx\Desktop\BR-Laufwerk (X).lnk
[2012.12.09 17:44:02 | 001,422,466 | ---- | C] () -- C:\Users\Xxx\Desktop\Ritterburg.mp4
[2012.12.05 16:05:34 | 000,220,298 | ---- | C] () -- C:\Users\Xxx\Desktop\Baustelle.jpg
[2012.11.30 18:54:24 | 000,000,973 | ---- | C] () -- C:\Users\Xxx\Desktop\DVDFab 8 Qt.lnk
[2012.11.30 17:17:20 | 000,050,277 | ---- | C] () -- C:\Users\Xxx\Desktop\Terminplan CSG.pdf
[2012.11.30 14:00:13 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\GeoGebra.lnk
[2012.10.08 18:44:00 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.10.08 18:43:59 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.10.08 18:43:59 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.10.08 18:43:59 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.10.08 18:43:59 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.10.05 21:35:35 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.10.05 21:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7045N.DAT
[2012.10.05 21:34:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.10.05 21:34:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.10.05 18:41:35 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.10.05 18:41:35 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.10.04 21:20:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.07 12:13:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Design Science
[2012.12.07 21:48:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDFab
[2012.10.09 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\FastCopy
[2012.11.30 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\mathegrafix
[2012.10.08 20:33:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Mp3tag
[2012.10.07 12:05:50 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\OpenOffice.org
[2012.12.16 11:40:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\PersBackup5
[2012.12.18 21:34:31 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TV-Browser
[2012.10.04 22:57:47 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\UBitMenu
 
========== Purity Check ==========
 
 

< End of report >


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:45 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132