Unbekannter Prozess 2E0.exe

Pukas · 14.10.2011, 03:04

Hallo liebe Trojaner!
Ich habe seit ein paar Tagen den genannten Prozess laufen und weiß nicht woher und warum.
Ich hatte auch kurzzeitig das Problem, dass Firefox mich auf falsche Seiten geführt hat. Ich erwähne das nur, weil es vielleicht damit zusammen hängt??? Dieses Problem konnte ich aber beheben, weil Firefox nach Neustart immer wieder einen Proxy eingestellt hatte. Sobald ich die Einstellung auf "kein Proxy" zurücksetzte, ging alles für die jeweilige Sitzung klar und alles war gut. Ich hab dann bemerkt, dass das Verhalten von Stealthy für den Browserlaunch nicht auf "automatically switch Stealthy off" eingestellt war. Mit dieser Einstellung, ist jetzt auch kein Proxy beim Neustart des Browsers eingestellt und es gibt auch keine falschen Weiterleitungen. Also lags wohl daran? Jedoch sollte ja Stealthy sowas trotzdem nicht machen...

Ein, zwei Tage später fiehl mir der Prozess auf und dann sagten 4 der Virenscanner bei Jottis Malwarescanner, 2E0.exe sei ein Trojaner. Im Verzeichnis: C:\Users\***\AppData\Roaming\Microsoft\F4A8

Google sagt mir nix dazu... vielleicht ist es ja auch nix. Oder vielleicht hab ich ein ganz anderes Problem. Ich wär jedenfalls sehr froh, wenn ihr mir helfen könnt. Hier mal die Logfiles...OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 13.10.2011 19:28:49 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\***\Desktop
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,90% Memory free
5,99 Gb Paging File | 4,71 Gb Available in Paging File | 78,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 184,25 Gb Free Space | 61,83% Space Free | Partition Type: NTFS
Drive Y: | 465,76 Gb Total Space | 56,14 Gb Free Space | 12,05% Space Free | Partition Type: NTFS
 
Computer Name: MASCHINE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\8C8C6\C97F4.exe ()
PRC - C:\Users\***\AppData\Roaming\C6EF4\lvvm.exe ()
PRC - C:\Users\***\AppData\Roaming\Microsoft\F4A8\2E0.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Silvercrest MTS2218 driver\KMProcess.exe (UASSOFT.COM)
PRC - C:\Programme\Silvercrest MTS2218 driver\KMWDSrv.exe (UASSOFT.COM)
PRC - C:\Programme\Silvercrest MTS2218 driver\KMCONFIG.exe (UASSOFT.COM)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Silvercrest MTS2218 driver\StartAutorun.exe (UASSOFT.COM)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Roaming\8C8C6\C97F4.exe ()
MOD - C:\Users\***\AppData\Roaming\C6EF4\lvvm.exe ()
MOD - C:\Users\***\AppData\Roaming\Microsoft\F4A8\2E0.exe ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Silvercrest MTS2218 driver\keydll.dll ()
MOD - C:\Programme\Silvercrest MTS2218 driver\MouseHook.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ST2012_Svc) -- C:\Program Files\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (KMWDSERVICE) -- C:\Programme\Silvercrest MTS2218 driver\KMWDSrv.exe (UASSOFT.COM)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (uigcrdr) -- C:\Windows\System32\drivers\uigcrdr.SYS (GMX Internet Services Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (RDID1049) -- C:\Windows\System32\drivers\RDWM1049.sys (Roland Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Nsynas32) -- C:\Windows\System32\drivers\NSynas32.sys (Syncrosoft Hard- und Software GmbH)
DRV - (DOSMEMIO) -- C:\Windows\System32\MEMIO.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1923136579-721262928-3964250762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1923136579-721262928-3964250762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1923136579-721262928-3964250762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1923136579-721262928-3964250762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 8C 56 24 05 0E CB 01  [binary data]
IE - HKU\S-1-5-21-1923136579-721262928-3964250762-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1923136579-721262928-3964250762-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62707
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {12e4c684-c03e-4e4d-85bc-0c065e7a9489}:5.23.2.10
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz-muenchen.de/"
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62707
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.03 16:35:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.02 20:55:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.04 22:47:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.04 22:47:32 | 000,000,000 | ---D | M]
 
[2011.01.17 16:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.01.17 16:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.02 20:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\81wxeej3.default\extensions
[2011.06.23 00:15:05 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\81wxeej3.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.06.16 13:40:45 | 000,000,000 | ---D | M] (Cubbi.es) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\81wxeej3.default\extensions\jid1-ScromwMkJq3ztw@jetpack
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\81wxeej3.default\searchplugins\conduit.xml
[2011.09.05 11:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.13 16:33:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81WXEEJ3.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81WXEEJ3.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81WXEEJ3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81WXEEJ3.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81WXEEJ3.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011.10.02 20:55:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[1999.12.31 17:00:00 | 000,165,656 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.02 20:55:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 20:55:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 20:55:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 20:55:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 20:55:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 20:55:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.26 04:10:59 | 000,432,840 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 14894 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [Tweak UI 1.33 deutsch] C:\Windows\System32\TWEAKUI.CPL (Brummelchen@gmx.at)
O4 - HKU\S-1-5-21-1923136579-721262928-3964250762-1001..\Run: [2E0.exe] C:\Users\***\AppData\Roaming\Microsoft\F4A8\2E0.exe ()
O4 - HKU\S-1-5-21-1923136579-721262928-3964250762-1001..\Run: [AVMUSBFernanschluss] C:\Users\***\AppData\Local\Apps\2.0\ZXO0GO5L.2QX\78GXRBGY.P77\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-1923136579-721262928-3964250762-1001..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B576FA7E-3E6D-433B-B809-6BEA2945D9FD}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-1923136579-721262928-3964250762-1001 Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1923136579-721262928-3964250762-1001 Winlogon: Shell - (C:\Users\***\AppData\Roaming\8C8C6\C97F4.exe) -C:\Users\***\AppData\Roaming\8C8C6\C97F4.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22e505ed-c664-11df-916e-002269d1ebcd}\Shell - "" = AutoRun
O33 - MountPoints2\{22e505ed-c664-11df-916e-002269d1ebcd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.13 19:11:00 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.13 13:46:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Spyware Terminator
[2011.10.13 13:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.10.13 13:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2011.10.13 13:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.10.12 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Shell Tools
[2011.10.12 16:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox Shell Tools
[2011.10.12 16:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox Shell Tools
[2011.10.12 16:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.10.11 14:06:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\C6EF4
[2011.10.11 14:05:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\8C8C6
[2011.10.05 14:46:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX Downloads
[2011.10.04 13:36:17 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_MusicEditor
[2011.10.04 13:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.10.04 13:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.09.30 12:05:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\enchant
[2011.09.30 12:05:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.purple
[2011.09.30 12:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2011.09.27 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mufin
[2011.09.27 20:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\mufin
[2011.09.27 20:48:57 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2011.09.26 01:53:06 | 000,253,952 | ---- | C] (Flo) -- C:\Users\***\Desktop\Vista-ShutdownTimer.exe.old
[2011.09.16 00:50:50 | 000,253,952 | ---- | C] (Flo) -- C:\Users\***\Desktop\Vista-ShutdownTimer.exe
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.13 19:28:15 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\zjg18cc8.exe
[2011.10.13 19:21:28 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.13 19:21:28 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.13 19:15:47 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.13 19:15:47 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011.10.13 19:15:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.13 19:15:26 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.13 19:11:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.13 19:10:08 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.10.13 19:09:33 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.10.13 19:01:16 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2011.10.13 18:45:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.13 18:41:57 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.13 18:41:57 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.13 18:41:57 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.13 18:41:57 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.13 13:46:56 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2011.10.12 16:03:35 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.10.12 02:02:18 | 001,064,790 | ---- | M] () -- C:\Users\***\Documents\Manuel_hasselhoff.cpt
[2011.10.12 01:23:11 | 000,001,540 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2011.10.11 23:45:18 | 000,173,568 | ---- | M] () -- C:\Users\***\AppData\Roaming\firefox.exe
[2011.10.11 14:06:37 | 000,175,616 | ---- | M] () -- C:\Users\***\AppData\Roaming\dwm.exe
[2011.10.10 01:24:15 | 000,253,952 | ---- | M] (Flo) -- C:\Users\***\Desktop\Vista-ShutdownTimer.exe
[2011.10.10 01:19:27 | 000,008,180 | ---- | M] () -- C:\Users\***\AppData\Roaming\6EF4.C8C
[2011.09.29 09:23:56 | 347,574,080 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.26 01:53:06 | 000,253,952 | ---- | M] (Flo) -- C:\Users\***\Desktop\Vista-ShutdownTimer.exe.old
[2011.09.15 09:45:13 | 001,276,387 | ---- | M] () -- C:\Users\***\Documents\BaseCamp.Backup
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.13 19:28:14 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\zjg18cc8.exe
[2011.10.13 19:10:08 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.10.13 19:09:32 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.10.13 19:01:16 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2011.10.13 13:46:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.10.13 13:46:56 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2011.10.12 16:03:35 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.10.12 01:23:11 | 000,001,540 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.10.11 18:40:25 | 000,173,568 | ---- | C] () -- C:\Users\***\AppData\Roaming\firefox.exe
[2011.10.05 14:53:55 | 000,175,616 | ---- | C] () -- C:\Users\***\AppData\Roaming\dwm.exe
[2011.10.05 14:46:32 | 000,008,180 | ---- | C] () -- C:\Users\***\AppData\Roaming\6EF4.C8C
[2011.09.30 12:04:42 | 000,000,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2011.07.11 02:39:51 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{BB39DF9E-A5BA-4E16-A024-14F2EB2A5471}
[2011.06.24 22:41:47 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.06.23 22:35:55 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.09.07 17:02:25 | 000,018,944 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.09 00:51:24 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.07.05 22:52:42 | 000,062,941 | ---- | C] () -- C:\Windows\hpqins01.dat
[2010.07.05 22:46:15 | 000,181,783 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010.07.05 22:46:15 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010.07.05 22:24:35 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2010.06.19 22:31:02 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.06.18 03:26:02 | 000,013,312 | ---- | C] () -- C:\Windows\System32\RDCI1049.DLL
[2010.06.18 00:48:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.18 00:15:15 | 000,001,520 | ---- | C] () -- C:\Windows\System32\MagicKBD.INI
[2010.06.18 00:13:43 | 000,004,300 | ---- | C] () -- C:\Windows\System32\MEMIO.SYS
[2010.06.17 19:06:51 | 000,088,592 | ---- | C] () -- C:\Windows\StkUnist.exe
[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,383,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2010.09.08 23:52:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Celemony Software GmbH
[2011.10.09 02:26:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple
[2011.10.13 16:23:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\8C8C6
[2011.04.26 04:18:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ableton
[2011.06.10 17:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Advanced Chemistry Development
[2011.10.13 16:23:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\C6EF4
[2010.08.09 00:51:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.12.03 18:41:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Celemony Software GmbH
[2010.10.30 00:43:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 3 Tiberium Wars
[2011.10.12 16:16:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.01.26 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.04.07 13:37:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.30 12:05:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\enchant
[2011.05.03 15:32:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EndNote
[2011.09.13 19:48:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2011.05.11 19:35:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2011.08.12 12:27:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2011.01.24 15:01:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2010.08.11 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Golden Software
[2011.10.12 01:22:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.10.16 00:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.08.22 12:33:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iZotope
[2011.05.15 04:43:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Key Metric Software
[2011.10.04 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.05.15 01:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ManyCam
[2011.05.11 23:24:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MP3 Organizer
[2011.10.08 21:01:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.08.17 09:49:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.08.17 11:08:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PanPlot
[2010.06.29 16:03:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scan2PDF
[2011.10.13 13:46:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator
[2011.09.06 10:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2010.09.20 12:21:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg
[2011.05.04 15:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.09.06 13:18:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.01.17 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.08.26 18:41:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.08.12 13:16:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.10.13 19:15:47 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011.10.01 21:17:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.09.08 23:41:42 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.06 23:50:53 | 000,000,000 | ---D | M] -- C:\archive_db
[2011.06.27 16:21:46 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.13 18:57:39 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.06.17 11:17:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.13 19:05:22 | 000,000,000 | ---D | M] -- C:\Garmin
[2010.06.17 21:07:33 | 000,000,000 | ---D | M] -- C:\Intel
[2010.06.18 02:28:54 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.13 19:01:16 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.13 19:15:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.06.17 11:17:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.06.17 11:17:35 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.12 06:58:03 | 000,000,000 | ---D | M] -- C:\squid
[2011.10.13 19:30:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.12 13:16:41 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.13 19:01:16 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.10.06 08:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009.10.06 07:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-29 01:02:02

< End of report >

--- --- ---

markusg · 14.10.2011, 10:35

hiho
bitte ersetze in meinem script *** durch deinen nutzernamen, sonst klappts nicht.
deinstaliere spybot, starte neu, es kann sonst die reinigung stören.

achtung!
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
PRC - C:\Users\***\AppData\Roaming\8C8C6\C97F4.exe ()
PRC - C:\Users\***\AppData\Roaming\C6EF4\lvvm.exe ()
PRC - C:\Users\***\AppData\Roaming\Microsoft\F4A8\2E0.exe ()
MOD - C:\Users\***\AppData\Roaming\8C8C6\C97F4.exe ()
MOD - C:\Users\***\AppData\Roaming\C6EF4\lvvm.exe ()
MOD - C:\Users\***\AppData\Roaming\Microsoft\F4A8\2E0.exe ()
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKU\S-1-5-21-1923136579-721262928-3964250762-1001..\Run: [2E0.exe] C:\Users\***\AppData\Roaming\Microsoft\F4A8\2E0.exe ()
O20 - HKU\S-1-5-21-1923136579-721262928-3964250762-1001 Winlogon: Shell - (C:\Users\***\AppData\Roaming\8C8C6\C97F4.exe) -C:\Users\***\AppData\Roaming\8C8C6\C97F4.exe
()
:Files
C:\Users\***\AppData\Roaming\8C8C6
C:\Users\***\AppData\Roaming\C6EF4
C:\Users\***\AppData\Roaming\Microsoft\F4A8
:Commands
[purity]
[EMPTYFLASH] 
[resethosts]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

Pukas · 14.10.2011, 12:01

So. Jetzt versteh ich dieses Programm auch mal ein wenig...

All processes killed
========== OTL ==========
No active process named C97F4.exe was found!
No active process named lvvm.exe was found!
No active process named 2E0.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KMCONFIG deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1923136579-721262928-3964250762-1001\Software\Microsoft\Windows\CurrentVersion\Run\\2E0.exe deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\F4A8\2E0.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1923136579-721262928-3964250762-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\AppData\Roaming\8C8C6\C97F4.exe deleted successfully.
File \Users\***\AppData\Roaming\8C8C6\C97F4.exe) -C:\Users\***\AppData\Roaming\8C8C6\C97F4.exe not found.
========== FILES ==========
C:\Users\***\AppData\Roaming\8C8C6 folder moved successfully.
C:\Users\***\AppData\Roaming\C6EF4 folder moved successfully.
C:\Users\***\AppData\Roaming\Microsoft\F4A8 folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: ***
->Flash cache emptied: 10796 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 209745 bytes
->Temporary Internet Files folder emptied: 59670 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 51778923 bytes
->Temporary Internet Files folder emptied: 36982673 bytes
->Java cache emptied: 2274192 bytes
->FireFox cache emptied: 100930893 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1388544 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9316428 bytes
RecycleBin emptied: 8663184762 bytes

Total Files Cleaned = 8.455,00 mb

OTL by OldTimer - Version 3.2.29.1 log created on 10142011_124532

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

markusg · 14.10.2011, 14:57

danke für den upload.
dann mal weiter:
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Pukas · 14.10.2011, 15:06

Ich hatte vorher Probleme Spybot wieder zu installieren, da die Verbindung zum Server fehlschlug. Daraufhin habe ich die Internetoptionen zurückgesetzt. Gleichzeitig fiehl mir im Verzeichnis des IE folgendes auf: C:\Program Files\Internet Explorer\F4A8\2E0.exe
Habe ich dann manuell gelöscht.
Spybotinstallation ging dann. Er hat mir dann zwei Probleme gemeldet, die ich gleich beheben lassen hab...

Win32.FakeAlert.ttam: [SBI $FA94E499] Ausführbare Datei (Datei, fixed) C:\Users\***\AppData\Roaming\Microsoft\conhost.exe Properties.size=0 Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FakeAlert.ttam: [SBI $99F7242B] Ausführbare Datei (Datei, fixed) C:\Users\***\AppData\Roaming\dwm.exe Properties.size=0 Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Soll ich nochmal ein log posten?

Edit:
Sorry... war ich wohl zu übereifrig? Ich habe deine Antwort erst nach meinem Post gelesen.

markusg · 14.10.2011, 15:08

nein du sollst überhaupt nichts anderes bitte machen außer das was ich dir schreibe, denn das vereinfacht mir die arbeit. auf spybot kann man sowieso verzichten. nur 1 update pro woche etc.
also bitte combofix ausführen.

Pukas · 14.10.2011, 15:34

Nochmals Entschuldigung... ich hatte deinen Post zu spät gelesen und dann waren meine Aktionen schon geschehen.
Und vielen vielen Dank für deine Hilfe!

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-10-14.02 - *** 14.10.2011  16:14:27.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3067.1833 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\6EF4.C8C
c:\users\***\AppData\Roaming\firefox.exe
c:\users\***\Documents\~WRL2432.tmp
c:\users\***\Documents\~WRL2574.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-14 bis 2011-10-14  ))))))))))))))))))))))))))))))
.
.
2011-10-14 14:22 . 2011-10-14 14:22	--------	d-----w-	c:\users\***\AppData\Local\temp
2011-10-14 14:22 . 2011-10-14 14:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-14 14:22 . 2011-10-14 14:22	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2011-10-14 10:45 . 2011-10-14 10:45	--------	d-----w-	C:\_OTL
2011-10-14 00:41 . 2011-10-14 00:45	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2011-10-13 22:52 . 2011-08-17 04:24	465408	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-13 22:52 . 2011-08-17 04:19	75776	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-13 22:52 . 2011-08-27 04:26	571904	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-13 22:52 . 2011-08-27 04:26	233472	----a-w-	c:\windows\system32\oleacc.dll
2011-10-13 22:52 . 2011-09-06 02:28	2334720	----a-w-	c:\windows\system32\win32k.sys
2011-10-13 11:46 . 2011-06-21 09:24	32768	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
2011-10-12 14:24 . 2011-10-12 14:24	--------	d-----w-	c:\program files\Dropbox Shell Tools
2011-10-04 11:35 . 2011-10-13 16:54	--------	d-----w-	c:\program files\MAGIX
2011-09-30 10:05 . 2011-09-30 10:05	--------	d-----w-	c:\users\***\AppData\Roaming\enchant
2011-09-30 10:05 . 2011-10-09 00:26	--------	d-----w-	c:\users\***\AppData\Roaming\.purple
2011-09-30 10:04 . 2011-09-30 10:04	--------	d-----w-	c:\program files\Pidgin
2011-09-27 18:49 . 2011-09-27 18:49	--------	d-----w-	c:\programdata\mufin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-23 10:09 . 2011-05-23 07:26	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 12:26 . 2011-08-12 10:32	31552	----a-w-	c:\windows\system32\TURegOpt.exe
2011-09-01 12:19 . 2011-08-12 10:32	21312	----a-w-	c:\windows\system32\authuitu.dll
2011-09-01 12:19 . 2011-08-12 10:32	29504	----a-w-	c:\windows\system32\uxtuneup.dll
2011-08-14 16:16 . 2011-08-14 16:16	101248	----a-w-	c:\windows\system32\drivers\avmaudio.sys
2011-08-14 16:16 . 2011-08-14 16:16	32256	----a-w-	c:\windows\system32\MiniInstaller.dll
2011-10-02 18:55 . 2011-05-10 22:00	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\***\AppData\Local\Apps\2.0\ZXO0GO5L.2QX\78GXRBGY.P77\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-08-14 147456]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Tweak UI 1.33 deutsch"="TWEAKUI.CPL" [2000-10-06 106544]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 136176]
R3 ADDMEM;ADDMEM;c:\users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 136176]
R3 KMWDFILTERx86;MLK KM DRIVER;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-09-28 18432]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 227600]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RDID1049;UA-101;c:\windows\system32\Drivers\rdwm1049.sys [2009-09-17 169344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-04 1343400]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-10-08 56208]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 uigcrdr;uigcrdr;c:\windows\system32\DRIVERS\uigcrdr.sys [2010-07-15 145408]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2000-08-23 4300]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest MTS2218 driver\KMWDSrv.exe [2009-10-08 201216]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-09-01 1526080]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-06-10 641464]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-08-14 101248]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-03-17 6758912]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-06-06 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-12 16:47]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 07:03]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 07:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:62707
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\81wxeej3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-10-14  16:25:12
ComboFix-quarantined-files.txt  2011-10-14 14:25
.
Vor Suchlauf: 10 Verzeichnis(se), 203.664.248.832 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 203.560.005.632 Bytes frei
.
- - End Of File - - DE9EC3B9DE7CDE1DBA6BC86819AB3D27

--- --- ---

markusg · 14.10.2011, 15:37

wie gesagt, spybot stört die reinigung, deinstaliere es, starte neu!

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Pukas · 14.10.2011, 18:06

Ist mein PC jetzt wieder heile?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7945

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14.10.2011 19:04:06
mbam-log-2011-10-14 (19-04-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Y:\|)
Durchsuchte Objekte: 519126
Laufzeit: 2 Stunde(n), 18 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\Users\***\AppData\Roaming\firefox.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\10142011_124532\C_Users\---\AppData\Roaming\8C8C6\C97F4.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\10142011_124532\C_Users\---\AppData\Roaming\C6EF4\lvvm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\10142011_124532\C_Users\---\AppData\Roaming\microsoft\F4A8\2E0.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

markusg · 14.10.2011, 18:20

bald.
lade den CCleaner standard:
CCleaner - Standard
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Pukas · 15.10.2011, 15:32

Ich habe die Rubrik "unbekannt" mal auf die Programme erweitert, die ich zwar kenne, wo ich aber nicht genau weiß, was sie machen und ob es bei manchen nicht auch ohne sie geht.

"7-Zip 9.20"		14.10.11			"notwendig"
"ACD/Labs Software in C:\Program Files\ACDFREE12\"	"ACD/Labs"	11.08.11		"v12.00, FREE"	"notwendig"
"Adobe Flash Player 10 ActiveX"	"Adobe Systems, Inc."	04.07.10	"1,85MB"	"10.0.32.18"	"notwendig"
"Adobe Flash Player 10 Plugin"	"Adobe Systems Incorporated"	22.09.11	"6,00MB"	"10.3.183.10"	"notwendig"
"Adobe Reader X (10.1.0) - Deutsch"	"Adobe Systems Incorporated"	17.06.11	"165,3MB"	10.01.00	"notwendig"
"Advanced PDF Password Recovery"	"ElcomSoft Co. Ltd."	19.08.11		01.05.00	"notwendig"
"Avira AntiVir Personal - Free Antivirus"	"Avira GmbH"	29.09.11	"61,8MB"	"10.2.0.703"	"notwendig"
"AVM FRITZ!Box USB-Fernanschluss"	"AVM Berlin"	13.10.11		"2.2.1.0"	"notwendig"
"Biet-O-Matic v2.14.0"	"BOM Development Team"	18.06.10		"Biet-O-Matic v2.14.0"	"notwendig"
"CCleaner"	"Piriform"	14.10.11		03.11.11	"notwendig"
"CDBurnerXP"	"CDBurnerXP"	08.08.10	"16,3MB"	"4.3.7.2316"	"notwendig"
"Cisco AnyConnect VPN Client"	"Cisco Systems, Inc."	06.09.11	"4,65MB"	02.05.46	"notwendig"
"Citavi"	"Swiss Academic Software"	14.10.11	"62,9MB"	"3.1.15.0"	"notwendig"
"Corel Graphics - Windows Shell Extension"	"Corel Corporation"	21.06.10	"2,93MB"	"15.0.0.487"	"notwendig"
"CorelDRAW(R) Graphics Suite X5"	"Corel Corporation"	21.06.10	"913MB"	"15.0.0.486"	"notwendig"
"DHTML Editing Component"	"Microsoft Corporation"	13.07.10	"0,54MB"	06.02.01	"unbekannt"
"DivX-Setup"	"DivX, LLC"	16.04.11		"2.4.1.4"	"unbekannt"
"Dropbox"	"Dropbox, Inc."	25.05.11		01.01.35	"notwendig"
"Dropbox Shell Tools 0.0.1.0"	"PCom IT-Services"	11.10.11		"0.0.1.0"	"notwendig"
"Easy Display Manager"	"Samsung Electronics Co., Ltd."	20.06.10		01.03.00	"notwendig"
"Easy SpeedUp Manager"	"Samsung Electronics Co.,Ltd."	17.06.10		"3.0.0.6"	"notwendig"
"EasyBatteryManager"	"Samsung"	17.06.10		"4.0.0.3"	"notwendig"
"Free Audio Converter version 2.2.17.426"	"DVDVideoSoft Limited."	10.05.11	"26,6MB"		"notwendig"
"Free Video to MP3 Converter version 4.2.14"	"DVDVideoSoft Limited."	25.01.11	"28,8MB"		"notwendig"
"Free YouTube to MP3 Converter version 3.9.37.426"	"DVDVideoSoft Limited."	10.05.11	"36,3MB"		"notwendig"
"Garmin BaseCamp"	"Garmin Ltd or its subsidiaries"	12.09.11	"122,2MB"	03.02.02	"notwendig"
"Garmin MapSource"	"Garmin Ltd or its subsidiaries"	10.03.11	"58,1MB"	"6.16.3"	"notwendig"
"Garmin Trip and Waypoint Manager v4"	"Garmin Ltd or its subsidiaries"	10.03.11	"28,1MB"	"4.0.0.0"	"notwendig"
"Garmin USB Drivers"	"Garmin Ltd or its subsidiaries"	10.03.11	"0,12MB"	"2.3.0.0"	"notwendig"
"Garmin WebUpdater"	"Garmin Ltd or its subsidiaries"	10.03.11	"5,01MB"	02.04.02	"notwendig"
"GIMP 2.6.8"		17.06.10			"notwendig"
"Glary Utilities 2.36.0.1232"	"Glarysoft Ltd"	11.08.11	"22,2MB"	"2.36.0.1232"	"notwendig"
"GMX File Storage Manager"	"GMX Internet Services Inc."	23.01.11		"2.0.615"	"notwendig"
"Google Earth"	"Google"	04.07.11	"84,6MB"	"6.0.3.2197"	"notwendig"
"Grapher 8"	"Golden Software"	10.08.10			"notwendig"
"HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3"	"HP"	04.07.10		"13.0"	"notwendig"
"HP Imaging Device Functions 13.0"	"HP"	04.07.10		"13.0"	"unbekannt"
"Intel(R) PROSet/Wireless WiFi-Software"	"Intel Corporation"	17.06.10	"116,4MB"	13.02.00	"unbekannt"
"Intel® Matrix Storage Manager"	"Intel Corporation"	17.06.10			"unbekannt"
"IrfanView (remove only)"	"Irfan Skiljan"	06.09.10	"1,50MB"	01.04.27	"notwendig"
"iTunes"	"Apple Inc."	03.09.11	"141,2MB"	"10.4.1.10"	"notwendig"
"Java(TM) 6 Update 26"	"Sun Microsystems, Inc."	17.06.10	"95,0MB"	"6.0.260"	"notwendig"
"JDownloader"	"AppWork UG (haftungsbeschränkt)"	17.06.10		"0.89"	"notwendig"
"Malwarebytes' Anti-Malware Version 1.51.2.1300"	"Malwarebytes Corporation"	13.10.11	"13,8MB"	"1.51.2.1300"	"notwendig"
"Marvell Miniport Driver"	"Marvell"	16.06.10		"10.70.3.3"	"unbekannt"
"Medieval CUE Splitter"	"Medieval Software"	16.06.11	"1,66MB"	01.02.00	"notwendig"
"Melodyne 3.2"	"Celemony Software GmbH"	07.09.10		02.02.02	"notwendig"
"Microsoft .NET Framework 4 Client Profile"	"Microsoft Corporation"	25.06.10	"38,8MB"	"4.0.30319"	"unbekannt"
"Microsoft .NET Framework 4 Client Profile DEU Language Pack"	"Microsoft Corporation"	25.06.10	"2,94MB"	"4.0.30319"	"unbekannt"
"Microsoft Office Professional 2010"	"Microsoft Corporation"	04.09.11		"14.0.6029.1000"	"notwendig"
"Microsoft Silverlight"	"Microsoft Corporation"	13.10.11	"134,4MB"	"4.0.60831.0"	"notwendig"
"Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570"	"Microsoft Corporation"	17.04.11	"0,58MB"	"9.0.30729.5570"	"unbekannt"
"Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"	"Microsoft Corporation"	04.09.11	"1,41MB"	"9.0.21022"	"unbekannt"
"Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"	"Microsoft Corporation"	19.06.10	"0,23MB"	"9.0.30729"	"unbekannt"
"Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"	"Microsoft Corporation"	16.06.10	"0,58MB"	"9.0.30729.4148"	"unbekannt"
"Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"	"Microsoft Corporation"	16.06.11	"0,59MB"	"9.0.30729.6161"	"unbekannt"
"Microsoft Visual Studio Tools for Applications 2.0 - ENU"	"Microsoft Corporation"	16.06.11	"211MB"	"9.0.30729"	"unbekannt"
"Microsoft Visual Studio Tools for Applications 2.0 Runtime"	"Microsoft Corporation"	21.06.10	"0,15MB"	"9.0.30729"	"unbekannt"
"MixMeister BPM Analyzer 1.0"	"MixMeister Technology LLC"	19.05.11			"notwendig"
"Monkey's Audio"		11.06.11	"3,11MB"		"notwendig"
"Mozilla Firefox 7.0.1 (x86 de)"	"Mozilla"	01.10.11	"34,8MB"	"7.0.1"	"notwendig"
"Mozilla Thunderbird (3.1.7)"	"Mozilla"	16.01.11		"3.1.7 (de)"	"notwendig"
"Mp3tag v2.49"	"Florian Heidenreich"	15.06.11		"v2.49"	"notwendig"
"MSXML 4.0 SP2 (KB954430)"	"Microsoft Corporation"	05.07.10	"1,28MB"	"4.20.9870.0"	"unbekannt"
"MSXML 4.0 SP2 (KB973688)"	"Microsoft Corporation"	07.07.10	"1,33MB"	"4.20.9876.0"	"unbekannt"
"Native Instruments B4 II"		26.06.10			"notwendig"
"NVIDIA Drivers"	"NVIDIA Corporation"	16.06.10		01.03.11	"notwendig"
"OpenOffice.org 3.2"	"OpenOffice.org"	16.08.10	"361MB"	03.02.02	"notwendig"
"Paragon Backup & Recovery™ 10 Home"	"Paragon Software"	24.08.11	"155,9MB"	"90.00.0003"	"notwendig"
"PDF-XChange PDF Viewer"	"Tracker Software Products Ltd"	21.06.10	"23,2MB"	"2.0.52.0"	"notwendig"
"Pidgin"		29.09.11		02.10.00	"notwendig"
"QuickTime"	"Apple Inc."	03.09.11	"73,0MB"	"7.70.80.34"	"notwendig"
"Recuva"	"Piriform"	10.03.11		01.01.39	"notwendig"
"ResearchSoft Direct Export Helper"		02.05.11			"unbekannt"
"Rosetta Stone Version 3"	"Rosetta Stone Ltd."	19.11.10	"120,4MB"	"3.4.7.0"	"notwendig"
"Samsung Support Center"	"Samsung"	17.06.10	"40,9MB"	"1.0.4"	"notwendig"
"Samsung Update Plus"	"Samsung Electronics Co., Ltd."	17.06.10		01.02.00	"notwendig"
"Silvercrest MTS2218 driver"	"Targa GmbH"	18.06.10	"7,92MB"	06.01.11	"notwendig"
"Skype™ 5.5"	"Skype Technologies S.A."	09.10.11	"17,0MB"	"5.5.119"	"notwendig"
"Steinberg Cubase SX"		19.09.10			"notwendig"
"Synaptics Pointing Device Driver"	"Synaptics Incorporated"	16.06.10		"15.0.10.0"	"notwendig"
"Syncrosoft's Protection Device Driver Package"		19.09.10			"notwendig"
"TeamViewer 6"	"TeamViewer GmbH"	03.09.11		"6.0.11052"	"notwendig"
"The Panorama Factory V5 m32 Edition"	"Smoky City Design"	14.10.10	"20,0MB"	05.03.00	"notwendig"
"Total Commander (Remove or Repair)"	"Ghisler Software GmbH"	10.05.11		"7.56a"	"notwendig"
"TuneUp Utilities 2011"	"TuneUp Software"	11.09.11		"10.0.4400.22"	"notwendig"
"Turbo Lister 2"	"eBay Inc."	28.11.10	"82,5MB"	"2.00.0000"	"notwendig"
"UA-101-Treiber"	"Roland Corporation"	17.06.10			"notwendig"
"Uninstall 1.0.0.1"	"DVDVideoSoft Limited."	06.04.11	"10,9MB"		"notwendig"
"USB2.0 UVC WebCam"	"D-MAX"	16.06.10		"7.11.706.001"	"notwendig"
"Virtual DJ Pro Full - Atomix Productions"		20.06.11			"notwendig"
"VLC media player 1.1.11"	"VideoLAN"	11.10.11		01.01.11	"notwendig"
"WIDCOMM Bluetooth Software"	"Broadcom Corporation"	16.06.10	"88,4MB"	"6.2.1.100"	"unbekannt"
"Winamp"	"Nullsoft, Inc"	10.09.11		5621	"notwendig"
"Winamp Detector Plug-in"	"Nullsoft, Inc"	24.04.11	"75,00KB"	"1.0.0.1"	"unbekannt"
"Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)"	"Broadcom"	16.06.10		"06/15/2009 6.2.0.9000"	"unbekannt"
"Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)"	"Broadcom"	16.06.10		"07/30/2009 6.2.0.9405"	"unbekannt"
"Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)"	"Broadcom"	16.06.10		"07/28/2009 6.2.0.9800"	"unbekannt"
"Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)"	"Garmin"	10.03.11		"06/03/2009 2.3.0.0"	"unbekannt"

markusg · 17.10.2011, 15:36

sieht ok aus, wie läuft das system?

Pukas · 18.10.2011, 09:00

Vielen Dank! Läuft super!
Hast du noch irgendwelche Tipps an Sicherheitssoftware, oder passt es so?

markusg · 18.10.2011, 12:49

schau mal unter start, suchen, tippe
windows update
enter
einstellungen, updates automatisch instalieren, täglich, uhrzeit passend für dich auswählen, dann alles anhaken außer detailierte infos anzeigen.
ok klicken, updates suchen, wichtige und optionale updates instalieren.

Pukas · 18.10.2011, 13:07

Ja, das war schon so eingestellt. Ich habe mir jetzt noch Secunia PSI installiert.
Das System läuft einwandfrei. Firefox auch... mit dem hatte ich ja Anfangs Probleme.

14.10.2011, 15:08	#6
markusg /// Malware-holic	Unbekannter Prozess 2E0.exe nein du sollst überhaupt nichts anderes bitte machen außer das was ich dir schreibe, denn das vereinfacht mir die arbeit. auf spybot kann man sowieso verzichten. nur 1 update pro woche etc. also bitte combofix ausführen. __________________ --> Unbekannter Prozess 2E0.exe

17.10.2011, 15:36	#12
markusg /// Malware-holic	Unbekannter Prozess 2E0.exe sieht ok aus, wie läuft das system? __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Unbekannter Prozess 2E0.exe

Log-Analyse und Auswertung: Unbekannter Prozess 2E0.exe