Bin von dem 50 Euro-Virus befallen.

kappel1719 · 14.01.2012, 18:09

Hallo liebes Support-Team. Wie viele, bin ich bzw. mein Notebook (WIN 7) auch vom Virus befallen, der mir 50 € abknöpfen will, so dass er mich von angeblichen Viren befreit. Habe mir OTL bereits heruntergeladen und bin im abgesicherten Modus. Würde mich sehr freuen, wenn ihr mir in irgendeiner Weise aus der Patsche helfen könntet.

LG

ein verzweifelter kappel1719

markusg · 14.01.2012, 18:16

hiFalls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

kappel1719 · 14.01.2012, 19:06

Also hier ist der Inhalt des OTL-Scans:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.01.2012 18:19:30 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Dennis\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 84,01% Memory free
5,86 Gb Paging File | 5,46 Gb Available in Paging File | 93,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 38,68 Gb Free Space | 27,22% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 132,45 Gb Free Space | 92,62% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.14 17:38:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (sppuinotify)
SRV - File not found [Auto | Stopped] --  -- (sppsvc)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.04.14 21:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010.04.14 21:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.07.27 01:15:30 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Programme\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.10.28 18:05:58 | 000,251,248 | ---- | M] (SAP AG) [Auto | Stopped] -- C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.09 04:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.07.16 19:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programme\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 B7 9F B7 BC C6 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programme\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62626
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62626
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com
 
[2010.03.17 14:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2010.09.11 12:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\o4odxed3.default\extensions
[2010.09.11 12:13:19 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\o4odxed3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.10 14:04:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\o4odxed3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.28 20:52:42 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\o4odxed3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\o4odxed3.default\searchplugins\icqplugin.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programme\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programme\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (P2P Energy Toolbar) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Programme\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [Nuance PDF Professional 6-reminder] C:\Program Files\Nuance\PDF Professional 6\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PATHPILOT] C:\Programme\Kat MP3 Recorder\Kat MP3 Recorder.exe ()
O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Programme\Nuance\PDF Professional 6\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 6\PdfPro6Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Mit Nuance PDF Converter 6.0 öffnen - C:\Program Files\Nuance\PDF Professional 6\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Mit PDF Professional 6 öffnen - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE239FC-B6AB-4372-BE0F-A3CD625AD18B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB430719-EC93-4DA9-8A10-502CD1E06305}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - d:\Programme\SAP\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - d:\Programme\SAP\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7e7946b4-51e2-11df-96ec-0024542033a6}\Shell - "" = AutoRun
O33 - MountPoints2\{7e7946b4-51e2-11df-96ec-0024542033a6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.14 17:38:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2012.01.13 12:51:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\PokerStars
[2012.01.13 12:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011.12.30 19:03:18 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Avira
[2011.12.30 19:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011.12.30 19:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011.12.30 19:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.12.27 11:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.27 11:45:26 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.27 11:45:26 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.27 11:45:26 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.27 11:45:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.27 11:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.27 11:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.26 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Apple Computer
[2011.12.26 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Apple Computer
[2011.12.26 11:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.26 11:08:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.12.26 11:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.26 11:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.26 11:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.12.26 11:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.12.26 11:06:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Apple
[2011.12.26 11:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.12.26 11:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.12.26 11:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.12.26 11:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.10.13 13:58:43 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
[2011.10.13 13:56:08 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
[2011.10.13 13:56:08 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll
[2011.10.13 13:56:07 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
[2011.10.13 13:56:07 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
[2011.10.13 13:56:07 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
[2011.10.13 13:56:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
[2011.10.13 13:56:06 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
[2011.10.13 13:56:05 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
[2011.10.13 13:56:05 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
[2011.10.13 13:56:04 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
[2011.10.13 13:56:04 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
[2011.10.13 13:56:04 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
[2011.10.13 13:56:03 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.14 17:57:16 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.01.14 17:57:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.14 17:57:00 | 2362,908,672 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.14 17:38:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2012.01.14 17:02:19 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.14 17:02:19 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.14 17:02:19 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.14 17:02:19 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.30 19:05:25 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.30 19:05:25 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 11:45:53 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.26 11:08:49 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.27 11:45:53 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.26 11:08:49 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.26 11:06:18 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.10.13 13:58:45 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
[2011.10.13 13:58:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
[2011.10.13 13:58:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
[2011.10.13 13:58:30 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
[2011.10.13 13:56:23 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxecrwrd.ini
[2011.10.13 13:56:09 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
[2011.10.13 13:56:06 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
[2011.10.13 13:56:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
[2011.10.13 13:56:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
[2011.10.13 13:56:05 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
[2011.10.13 13:56:05 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
[2011.10.13 13:56:05 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
[2011.10.13 13:56:04 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
[2011.10.13 13:56:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
[2011.10.13 13:55:05 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXECsmr.dll
[2011.10.13 13:55:04 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXECsm.dll
[2011.10.10 14:25:04 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2011.10.10 14:25:04 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2011.10.10 14:25:04 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2011.10.10 14:25:04 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2011.10.10 14:25:04 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.05.23 20:21:00 | 000,161,191 | ---- | C] () -- C:\Windows\Expstudio Audio Editor FREE Uninstaller.exe
[2010.05.22 09:48:45 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000EFDG.ini
[2010.05.16 10:51:57 | 000,004,096 | -H-- | C] () -- C:\Users\Dennis\AppData\Local\keyfile3.drm
[2010.04.30 11:16:27 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.30 10:49:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.04.28 20:56:55 | 000,003,584 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.14 10:15:57 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.25 15:58:02 | 000,001,693 | ---- | C] () -- C:\Windows\saplogon.ini
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,411,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.16 14:29:38 | 000,000,065 | ---- | C] () -- C:\Windows\saproute.ini
[2007.11.14 18:42:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007.11.09 12:01:59 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psyswin32.dll
[2005.12.15 06:17:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
[2004.07.29 00:19:46 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll.old0
 
========== LOP Check ==========
 
[2011.11.10 13:10:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\02952
[2011.11.06 18:58:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\4C056
[2011.11.10 10:33:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\56C2A
[2011.11.10 13:10:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\6F002
[2010.05.23 20:03:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Audio Recorder for Free
[2011.07.17 20:08:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoft
[2011.07.17 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.28 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EPSON
[2011.09.15 16:19:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2010.04.30 11:59:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nuance
[2011.10.24 17:17:20 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PacificPoker
[2012.01.14 15:12:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SAP
[2010.04.30 11:16:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Zeon
[2011.11.04 13:54:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011.12.13 08:55:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.14 12:03:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.03.17 13:43:54 | 000,000,000 | -HSD | M] -- C:\Boot
[2010.03.04 12:13:11 | 000,000,000 | ---D | M] -- C:\bwinPoker
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.03.17 14:18:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.24 04:11:24 | 000,000,000 | ---D | M] -- C:\Intel
[2011.10.24 14:42:49 | 000,000,000 | ---D | M] -- C:\Lexmark ToolBar
[2012.01.14 15:11:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.14 15:11:53 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.14 15:12:03 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.03.17 14:18:41 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.17 14:18:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2009.07.27 03:58:28 | 000,000,000 | ---D | M] -- C:\SoftwareMedia
[2012.01.14 17:35:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.29 17:04:14 | 000,000,000 | ---D | M] -- C:\Temp
[2011.08.14 12:03:40 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.14 17:57:00 | 000,000,000 | ---D | M] -- C:\Windows
[2010.03.17 14:28:09 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 09:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows.old\Windows\System32\drivers\iaStor.sys
[2009.02.11 09:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2010.03.05 07:15:58 | 000,310,209 | ---- | M] () -- C:\Users\Dennis\30009449.potx
[2009.10.09 16:01:54 | 000,231,936 | ---- | M] () -- C:\Users\Dennis\Leistungsnachweise 1.doc
[2009.10.09 16:01:30 | 000,239,616 | ---- | M] () -- C:\Users\Dennis\Leistungsnachweise 2.doc
[2009.11.18 12:09:15 | 000,110,592 | ---- | M] () -- C:\Users\Dennis\ME Studenten (2).doc
[2012.01.14 18:55:54 | 003,407,872 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat
[2012.01.14 18:55:54 | 000,262,144 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat.LOG1
[2010.03.17 14:18:52 | 000,000,000 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat.LOG2
[2010.03.17 17:43:55 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.03.17 17:43:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.03.17 17:43:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.01.14 15:20:55 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat{f88b1b29-3eb8-11e1-89bb-9c402cba515e}.TM.blf
[2012.01.14 15:20:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat{f88b1b29-3eb8-11e1-89bb-9c402cba515e}.TMContainer00000000000000000001.regtrans-ms
[2012.01.14 15:20:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat{f88b1b29-3eb8-11e1-89bb-9c402cba515e}.TMContainer00000000000000000002.regtrans-ms
[2010.03.17 14:18:53 | 000,000,020 | -HS- | M] () -- C:\Users\Dennis\ntuser.ini
[2009.08.04 15:20:48 | 000,016,896 | ---- | M] () -- C:\Users\Dennis\Strafenkatalog Gommersheim.xls
[2010.02.26 14:04:14 | 000,013,330 | ---- | M] () -- C:\Users\Dennis\Stunden.xlsx
[2010.03.11 10:46:59 | 000,010,768 | ---- | M] () -- C:\Users\Dennis\SV Geinsheim.docx
[2012.01.14 16:06:54 | 000,010,240 | -HS- | M] () -- C:\Users\Dennis\Thumbs.db
[2009.08.13 06:52:14 | 000,014,336 | ---- | M] () -- C:\Users\Dennis\Tunnel.xls
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---

markusg · 15.01.2012, 17:38

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

kappel1719 · 16.01.2012, 13:01

Hallo anbei meine txt-Datei von combofix.exe:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-01-16.02 - Dennis 16.01.2012  12:02:13.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3005.1941 [GMT 1:00]
ausgeführt von:: c:\users\Dennis\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\LP
c:\users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\{291DBAC5-0A39-4063-844B-8B066C41CCA6}.xps
c:\windows\PFRO.log
c:\windows\system32\lame_enc.dll.old0
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-16 bis 2012-01-16  ))))))))))))))))))))))))))))))
.
.
2012-01-16 11:36 . 2012-01-16 11:36	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-01-16 11:36 . 2012-01-16 11:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-16 10:38 . 2012-01-16 10:38	--------	d-----w-	c:\windows\system32\Wat
2012-01-16 10:00 . 2012-01-16 10:05	--------	d-----w-	c:\users\Dennis\AppData\Local\Babylon
2012-01-16 09:59 . 2012-01-16 09:59	--------	d-----w-	c:\program files\Babylon
2012-01-16 09:59 . 2012-01-16 09:59	238	----a-w-	C:\user.js
2012-01-16 09:59 . 2012-01-16 10:49	--------	d-----w-	c:\users\Dennis\AppData\Roaming\Babylon
2012-01-16 09:59 . 2012-01-16 10:49	--------	d-----w-	c:\programdata\Babylon
2012-01-15 13:26 . 2012-01-15 17:04	--------	d-----r-	c:\users\Dennis\FH-Unterlagen
2012-01-14 15:31 . 2012-01-14 15:31	--------	d-----w-	c:\users\Gast\AppData\Roaming\SAP
2012-01-14 15:31 . 2012-01-14 15:31	--------	d-----w-	c:\users\Gast\AppData\Local\SAP
2012-01-14 15:02 . 2012-01-14 15:02	--------	d-----w-	c:\users\Gast\AppData\Roaming\Nuance
2012-01-14 15:02 . 2012-01-14 15:02	--------	d-----w-	c:\users\Gast\AppData\Roaming\FLEXnet
2012-01-14 14:59 . 2012-01-14 15:00	--------	d-----w-	c:\users\Gast\AppData\Local\Google
2012-01-14 14:56 . 2012-01-14 14:56	--------	d-----w-	c:\users\Gast\AppData\Local\AskToolbar
2012-01-14 14:23 . 2012-01-14 14:23	--------	d-----w-	c:\users\Gast\AppData\Roaming\Apple Computer
2012-01-13 11:51 . 2012-01-14 14:13	--------	d-----w-	c:\users\Dennis\AppData\Local\PokerStars
2012-01-13 11:50 . 2012-01-14 14:13	--------	d-----w-	c:\program files\PokerStars
2011-12-30 18:01 . 2011-12-30 18:01	--------	d-----w-	c:\program files\pdfforge Toolbar
2011-12-30 18:01 . 2011-12-30 18:01	--------	d-----w-	c:\program files\Common Files\Spigot
2011-12-30 18:01 . 2011-12-30 18:01	--------	d-----w-	c:\program files\Application Updater
2011-12-26 10:08 . 2012-01-13 11:04	--------	d-----w-	c:\users\Dennis\AppData\Roaming\Apple Computer
2011-12-26 10:08 . 2011-12-26 10:08	--------	d-----w-	c:\users\Dennis\AppData\Local\Apple Computer
2011-12-26 10:08 . 2011-12-26 10:08	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-12-26 10:08 . 2009-05-18 12:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-26 10:08 . 2008-04-17 11:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2011-12-26 10:07 . 2011-12-26 10:08	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-26 10:07 . 2011-12-26 10:08	--------	d-----w-	c:\program files\iTunes
2011-12-26 10:07 . 2011-12-26 10:07	--------	d-----w-	c:\programdata\Apple Computer
2011-12-26 10:07 . 2011-12-26 10:07	--------	d-----w-	c:\program files\iPod
2011-12-26 10:06 . 2011-12-26 10:06	--------	d-----w-	c:\users\Dennis\AppData\Local\Apple
2011-12-26 10:06 . 2011-12-26 10:06	--------	d-----w-	c:\program files\Apple Software Update
2011-12-26 10:05 . 2011-12-26 10:05	--------	d-----w-	c:\program files\Bonjour
2011-12-26 10:05 . 2011-12-26 10:07	--------	d-----w-	c:\program files\Common Files\Apple
2011-12-26 10:05 . 2011-12-26 10:06	--------	d-----w-	c:\programdata\Apple
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 14:07 . 2011-11-25 14:07	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2009-11-09 2331672]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-11-09 16:38	2331672	----a-w-	c:\program files\P2P_Energy\tbP2P_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08	2393184	----a-w-	c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-03-17 13:45	2355224	----a-w-	c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 10:17	1233288	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-01-17 14:54	175912	----a-w-	c:\program files\DVDVideoSoft\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2009-11-09 2331672]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2009-11-09 2331672]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SAP_WUS_UNT"="c:\program files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe" [2008-10-28 218472]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-08-23 2080768]
"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-07-27 110880]
"Nuance PDF Professional 6-reminder"="c:\program files\Nuance\PDF Professional 6\Ereg\Ereg.exe" [2008-11-03 54560]
"PATHPILOT"="c:\program files\Kat MP3 Recorder\Kat MP3 Recorder.exe" [2009-12-15 345600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2012-01-03 3184240]
.
c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-3-26 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [2010-04-14 193192]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netr73;RT73-Drahtlostreiber für Vista von Conceptronic;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-16 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 598696]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2008-10-28 251248]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-07-27 134944]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832813653-3545038764-2709915888-1000Core.job
- c:\users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 19:06]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832813653-3545038764-2709915888-1000UA.job
- c:\users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 19:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/home?AF=19146&tt=110112_ocp
uInternet Settings,ProxyServer = http=127.0.0.1:62626
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Free YouTube to Mp3 Converter - c:\users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Mit Nuance PDF Converter 6.0 öffnen - c:\program files\Nuance\PDF Professional 6\cnvres_ger.dll /100
IE: Mit PDF Professional 6 öffnen - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-DigiMedia Explorer - c:\windows\unin0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-16  12:57:35
ComboFix-quarantined-files.txt  2012-01-16 11:57
.
Vor Suchlauf: 11 Verzeichnis(se), 38.228.783.104 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 41.195.524.096 Bytes frei
.
- - End Of File - - C91F28CA87D8C7F29EEF7674D41F6794

--- --- ---

markusg · 16.01.2012, 13:06

lade den CCleaner standard:
CCleaner Download - CCleaner 3.14.1616
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

kappel1719 · 16.01.2012, 13:20

888poker 23.10.2011 unnötig
ABBYY FineReader 6.0 Sprint ABBYY Software House 21.05.2010 119,5MB 6.00.1395.4512 unbekannt
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 17.03.2010 10.0.45.2 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 13.02.2011 6,00MB 10.2.152.26 notwendig
Adobe Reader 9.3 - Deutsch Adobe Systems Incorporated 18.03.2010 240MB 9.3.0 notwendig
Apple Application Support Apple Inc. 25.12.2011 61,2MB 2.1.6 notwendig
Apple Mobile Device Support Apple Inc. 25.12.2011 24,3MB 4.0.0.97 notwendig
Apple Software Update Apple Inc. 25.12.2011 2,38MB 2.1.3.127 notwendig
Atheros Client Installation Program Atheros 18.03.2010 1.0.1.0805 notwendig
Babylon Babylon 15.01.2012 unnötig
Babylon toolbar on IE 15.01.2012 unnötig
Bonjour Apple Inc. 25.12.2011 0,98MB 3.0.0.10 notwendig
CCleaner Piriform 15.01.2012 3.14 notwendig
DVDVideoSoft Toolbar 27.04.2010 unnötig
DVDVideoSoftTB Toolbar 24.11.2011 unnötig
EPSON Attach To Email SEIKO EPSON 21.05.2010 1,08MB 1.01.0000 unnötig
EPSON Copy Utility 3 21.05.2010 3.2.0.0 unnötig
EPSON Easy Photo Print 21.05.2010 1.2.3.0 unnötig
EPSON File Manager 21.05.2010 1.1.0.0 unnötig
Expstudio Audio Editor FREE Expstudio.com 22.05.2010 4.31 unnötig
Free Audio CD Burner version 1.4 DVDVideoSoft Limited. 10.09.2010 8,09MB notwendig
Free YouTube to MP3 Converter version 3.10.1.715 DVDVideoSoft Limited. 16.07.2011 48,1MB notwendig
Google Chrome Google Inc. 18.03.2010 16.0.912.75 notwendig
ICQ Toolbar ICQ 24.03.2010 3.0.0 unnötig
ICQ7.1 ICQ 24.03.2010 7.1 unnötig
iTunes Apple Inc. 25.12.2011 170,9MB 10.5.2.11 notwendig
Kat MP3 Recorder 22.05.2010 unnötig
Lexmark 13.10.2011 1.0.0.0 notwendig
Lexmark Pro800-Pro900 Series Lexmark International, Inc. 12.10.2011 notwendig
Lexmark Symbolleiste 24.10.2011 4.63.37.0 notwendig
Lexmark Tools for Office 12.10.2011 1.29.0.0 notwendig
Machinarium Daedalic Entertainment 25.03.2010 unnötig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.06.2010 38,8MB 4.0.30319 notwendig
Microsoft Office Professional Plus 2010 Microsoft Corporation 03.12.2011 14.0.6029.1000 notwendig
Microsoft Project Professional 2010 Microsoft Corporation 28.11.2011 14.0.6029.1000 notwendig
Microsoft redistributable runtime DLLs VS2005 SP1(x86) SAP 18.03.2010 2,79MB 8.0.50727.762 notwendig
Microsoft redistributable runtime DLLs VS2008 SP1(x86) SAP AG 09.10.2011 4,62MB 9.0 notwendig
Microsoft Silverlight Microsoft Corporation 12.10.2011 160,0MB 4.0.60831.0 notwendig
Microsoft Visio Professional 2010 Microsoft Corporation 01.12.2011 14.0.6029.1000 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 29.04.2010 0,23MB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 22.03.2010 0,58MB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 30.12.2011 16,5MB 10.0.40219 notwendig
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme Microsoft Corporation 13.04.2010 0,13MB 12.0.4518.1014 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.03.2010 35,00KB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.03.2010 1,33 MB 4.20.9876.0 unbekannt
MSXML4.0 redistributable SAP 18.03.2010 3,70MB 4.0.0.0 unbekannt
Nero BurnLite 10 Nero AG 24.07.2010 56,4MB 10.0.10500 notwendig
Nero Toolbar Ask.com 24.07.2010 1,66MB 1.6.9.0 notwendig
Nero Update Nero AG 24.07.2010 1,44MB 1.0.0018 notwendig
Nuance PDF Professional 6 Nuance Communications, Inc 29.04.2010 437MB 6.00.3201 notwendig
ObjectDock 25.03.2010 notwendig
P2P_Energy Toolbar 22.05.2010
PDFCreator Frank Heindörfer, Philip Chinery 29.04.2010 0.9.9 unbekannt
pdfforge Toolbar v4.9 Spigot, Inc. 29.12.2011 2,80MB 4.9 unbekannt
PIF DESIGNER 21.05.2010 notwendig
PokerStars.net PokerStars.net 08.08.2011 notwendig
PowerISO PowerISO Computing, Inc. 13.04.2010 4.6 unbekannt
SAP Business Explorer SAP AG 09.10.2011 7.20 notwendig
SAP GUI for Windows 7.20 SAP 09.10.2011 7.20 Compilation 1 notwendig
SAPSetup Automatic Workstation Update Service SAP AG 18.03.2010 notwendig
softonic-de3 Toolbar 24.04.2010 unnötig
SopCast 3.2.9 www.sopcast.com 14.05.2010 3.2.9 unnötig
TVUPlayer 2.5.3.1 TVU networks 14.05.2010 2.5.3.1 unnötig
Uninstall 1.0.0.1 10.09.2010 10,6MB unbekannt
vcredist_x86 SAP 09.10.2011 4,29MB 1.0.0 notwendig
Veetle TV 0.9.17 Veetle, Inc 20.09.2010 0.9.17 unbekannt
Windows Media Player Firefox Plugin Microsoft Corp 21.06.2010 0,29MB 1.0.0.8 notwendig

markusg · 16.01.2012, 13:40

deinstaliere:
888poker
ABBYY
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
deinstaliere:
Babylon beide
DVDVideoSoft beide
EPSON alle
Expstudio
ICQ Toolbar
Kat MP3
Machinarium
Nero Toolbar gehört zu as, weg damit.
P2P_Energy Toolbar
PDFCreator
pdfforge Toolbar
PowerISO
softonic
SopCast
TVUPlayer
Veetle

öffne otl, klicke bereinigen, neustart, removal tools werden gelöscht.
öffne ccleaner, analysieren, bereinigen.

kappel1719 · 16.01.2012, 15:10

So, ich hätte nun die gelisteten Programme gelöscht und OTL und CCleaner sind wie beschrieben durch.

Ist mein Rechner nun wieder gesäubert?

markusg · 16.01.2012, 15:38

hi, wir machen noch einen scan, und dann sichern wir das system ab, denn solch ein problem hätte vermieden werden können.

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

kappel1719 · 16.01.2012, 18:15

Hallo, der Scan ist nun durch. Anbei der log-text:

Zitat:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.16.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Dennis :: DENNIS-PC [Administrator]

16.01.2012 15:49:50
mbam-log-2012-01-16 (15-49-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442479
Laufzeit: 2 Stunde(n), 17 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Dennis\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg · 16.01.2012, 19:32

lade den CCleaner standard:
CCleaner Download - CCleaner 3.14.1616
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

kappel1719 · 16.01.2012, 20:26

Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 15.01.2012 120,8MB 10.1.2notwendig
Apple Application Support Apple Inc. 25.12.2011 61,2MB 2.1.6notwendig
Apple Mobile Device Support Apple Inc. 25.12.2011 24,3MB 4.0.0.97notwendig
Apple Software Update Apple Inc. 25.12.2011 2,38MB 2.1.3.127notwendig
Atheros Client Installation Program Atheros 18.03.2010 1.0.1.0805notwendig
Bonjour Apple Inc. 25.12.2011 0,98MB 3.0.0.10notwendig
CCleaner Piriform 15.01.2012 3.14notwendig
Free Audio CD Burner version 1.4 DVDVideoSoft Limited. 10.09.2010 8,09MB notwendig
Free YouTube to MP3 Converter version 3.10.1.715 DVDVideoSoft Limited. 16.07.2011 48,1MB notwendig
Google Chrome Google Inc. 18.03.2010 16.0.912.75notwendig
iTunes Apple Inc. 25.12.2011 170,9MB 10.5.2.11notwendig
Lexmark 13.10.2011 1.0.0.0notwendig
Lexmark Pro800-Pro900 Series Lexmark International, Inc. 15.01.2012notwendig
Lexmark Symbolleiste 15.01.2012 4.63.37.0notwendig
Lexmark Tools for Office 15.01.2012 1.29.0.0notwendig
Malwarebytes Anti-Malware Version 1.60.0.1800 Malwarebytes Corporation 15.01.2012 18,6MB 1.60.0.1800notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15.01.2012 38,8MB 4.0.30319notwendig
Microsoft Office Professional Plus 2010 Microsoft Corporation 15.01.2012 14.0.6029.1000notwendig
Microsoft Project Professional 2010 Microsoft Corporation 15.01.2012 14.0.6029.1000notwendig
Microsoft redistributable runtime DLLs VS2005 SP1(x86) SAP 18.03.2010 2,79MB 8.0.50727.762notwendig
Microsoft redistributable runtime DLLs VS2008 SP1(x86) SAP AG 09.10.2011 4,62MB 9.0notwendig
Microsoft Silverlight Microsoft Corporation 12.10.2011 160,0MB 4.0.60831.0notwendig
Microsoft Visio Professional 2010 Microsoft Corporation 15.01.2012 14.0.6029.1000notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 29.04.2010 0,23MB 9.0.30729notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 22.03.2010 0,58MB 9.0.30729.4148notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 30.12.2011 16,5MB 10.0.40219notwendig
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme Microsoft Corporation 13.04.2010 0,13MB 12.0.4518.1014 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.03.2010 35,00KB 4.20.9870.0notwendig
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.03.2010 1,33MB 4.20.9876.0notwendig
MSXML4.0 redistributable SAP 18.03.2010 3,70MB 4.0.0.0
Nero BurnLite 10 Nero AG 24.07.2010 56,4MB 10.0.10500notwendig
Nero Update Nero AG 24.07.2010 1,44MB 1.0.0018 notwendig
Nuance PDF Professional 6 Nuance Communications, Inc 29.04.2010 437MB 6.00.3201notwendg
ObjectDock 15.01.2012 notwendig
PIF DESIGNER 15.01.2012 unbekannt
PokerStars.net PokerStars.net 15.01.2012 notwendig
SAP Business Explorer SAP AG 15.01.2012 7.20 notwendig
SAP GUI for Windows 7.20 SAP 15.01.2012 7.20 Compilation 1 notwendig
SAPSetup Automatic Workstation Update Service SAP AG 15.01.2012 notwendig
Uninstall 1.0.0.1 10.09.2010 10,6MB notwendig
vcredist_x86 SAP 09.10.2011 4,29MB 1.0.0 notwendig
Windows Media Player Firefox Plugin Microsoft Corp 21.06.2010 0,29MB 1.0.0.8 notwendig

markusg · 16.01.2012, 21:45

öffne otl, klicke bereinigen, pc startet neu, removal tools werden gelöscht.
öffne ccleaner, analysieren, bereinigen.
pc neustarten testen ob alles wie gewünscht läuft

kappel1719 · 16.01.2012, 22:55

Zitat:

Zitat von markusg

öffne otl, klicke bereinigen, pc startet neu, removal tools werden gelöscht.
öffne ccleaner, analysieren, bereinigen.
pc neustarten testen ob alles wie gewünscht läuft

Erledigt...

Bin von dem 50 Euro-Virus befallen.

Plagegeister aller Art und deren Bekämpfung: Bin von dem 50 Euro-Virus befallen.