Windows Security-Drohung - Ihr Windows System wurde blockiert!

aiSca · 01.02.2012, 16:04

Guten Tag

Leider habe ich das gleiche Problem wie viele andere Momentan

Bei Windows Start erscheint ein Fenster in dem ich gebeten werde 100 € per Pay Pal zu bezahlen oder aber meine Daten sind weg. Da ich schon ein bisschen gelesen habe, habe ich nu erstmal OTL benutzt mit diesem Ergebnis :

Zitat:

OTL logfile created on: 01.02.2012 15:58:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sca\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,18% Memory free
8,00 Gb Paging File | 6,69 Gb Available in Paging File | 83,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,09 Gb Total Space | 45,81 Gb Free Space | 39,12% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 46,12 Gb Free Space | 11,81% Space Free | Partition Type: NTFS
Drive E: | 190,82 Gb Total Space | 190,57 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive F: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1863,01 Gb Total Space | 1745,87 Gb Free Space | 93,71% Space Free | Partition Type: NTFS

Computer Name: SCA-PC | User Name: Sca | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sca\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LVUVC64) Logitech HD Webcam C510(UVC) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (CompFilter64) -- C:\Windows\SysNative\drivers\lvbflt64.sys (Logitech Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (SaiK0CFA) -- C:\Windows\SysNative\drivers\SaiK0CFA.sys (Saitek)
DRV:64bit: - (SaiU0CFA) -- C:\Windows\SysNative\drivers\SaiU0CFA.sys (Saitek)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=0cb7fe67-1399-11e1-8ca2-002215439681
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=0cb7fe67-1399-11e1-8ca2-002215439681
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 A6 C6 71 77 84 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=0cb7fe67-1399-11e1-8ca2-002215439681&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sca\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.08 00:30:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.07 16:21:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.20 18:00:03 | 000,000,000 | ---D | M]

[2011.09.07 22:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sca\AppData\Roaming\mozilla\Extensions
[2012.01.07 16:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sca\AppData\Roaming\mozilla\Firefox\Profiles\m2rtfyre.default\extensions
[2011.11.20 18:00:06 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\Sca\AppData\Roaming\mozilla\Firefox\Profiles\m2rtfyre.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2011.09.07 23:46:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sca\AppData\Roaming\mozilla\Firefox\Profiles\m2rtfyre.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.07 16:23:55 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Sca\AppData\Roaming\mozilla\Firefox\Profiles\m2rtfyre.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Sca\AppData\Roaming\Mozilla\Firefox\Profiles\m2rtfyre.default\searchplugins\startsear.xml
[2012.01.07 16:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\SCA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M2RTFYRE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.07 16:21:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.10.01 18:58:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 18:58:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.01 18:58:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 18:58:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 18:58:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 18:58:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Sca\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EADM] D:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Sca\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\Sca\AppData\Local\Temp\0.32863280667622596.exe (Quick Heal Technologies (P) Ltd.)
O4 - Startup: C:\Users\Sca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sca\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{146B9ADC-CD73-418C-A2BD-FEF91C16E8B3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.15 20:39:51 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010.03.31 09:35:30 | 000,000,102 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6a77c3b3-da2d-11e0-8b33-002215439681}\Shell - "" = AutoRun
O33 - MountPoints2\{6a77c3b3-da2d-11e0-8b33-002215439681}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{6a77c3b8-da2d-11e0-8b33-002215439681}\Shell - "" = AutoRun
O33 - MountPoints2\{6a77c3b8-da2d-11e0-8b33-002215439681}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.01 13:12:07 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{2B09C1F0-FC3E-4CCC-AAEC-99543AD81D10}
[2012.02.01 13:11:46 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{F64759C8-1593-4707-818E-C1377EB51AD8}
[2012.02.01 01:11:34 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{35E6F8A7-F431-40ED-A651-F223A4AC928B}
[2012.02.01 01:11:12 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{A8DD8611-AD24-4618-AA36-CC490CA11A40}
[2012.01.31 13:10:59 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{E2E36DE4-C372-4F41-B10A-8AF77D2DA6E9}
[2012.01.31 13:10:38 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{8D177002-BC96-442B-BBE3-38CC9F1AD63E}
[2012.01.31 01:10:09 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{F8AF7312-9E66-4F11-AFB7-89603159CA38}
[2012.01.31 01:09:48 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{3C17ED1F-8144-49C4-BA3B-9CE2A1309F77}
[2012.01.30 13:09:36 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{3FD75E72-5715-4C6F-A2A3-F635657D4C63}
[2012.01.30 13:09:19 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{716DF8BF-D79C-40B8-BF07-A682197E549A}
[2012.01.30 00:48:49 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{561F7CCE-84AA-4A27-9EE6-F3D35C021C56}
[2012.01.30 00:48:28 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{F7DF047B-FE09-4F01-9E6B-D5BC9E962F3D}
[2012.01.29 12:48:16 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{9E5B221F-52FE-4552-83B3-72D555AF0E4C}
[2012.01.29 12:48:06 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{1483D77C-6124-453B-8A37-581C08AF81A2}
[2012.01.28 23:30:18 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{1CBA4C1D-96C2-40AC-96D1-425577DCB2BB}
[2012.01.28 23:29:56 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{F4A352A2-32A5-4CCC-A9D7-3387C57156FC}
[2012.01.28 15:40:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2012.01.28 11:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{B82BF569-3C51-4093-8359-284F489F9753}
[2012.01.28 11:29:22 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{B90F6E27-0EFA-421C-953F-7C1856496BA1}
[2012.01.27 22:55:58 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{DEAEFAE0-B543-43E1-82A1-D929BE7D9B69}
[2012.01.27 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{8AE8CE5D-AECF-40F3-99C8-BEF3F98D7FA8}
[2012.01.27 10:55:11 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{548F92D0-9EE6-4C89-9D29-7CD96A8404CC}
[2012.01.27 10:54:56 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{1EF9853E-7586-4206-AAC2-F399C4118F36}
[2012.01.26 12:42:32 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{E0CC2296-13D9-405F-B6A3-A416D6C43136}
[2012.01.26 12:42:11 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{BBDEB5C6-4D85-43A1-B31F-0632011F7288}
[2012.01.26 00:42:00 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{B7025717-900C-4F68-A61C-5723D0631387}
[2012.01.26 00:41:39 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{1612E801-D656-42D9-B105-545888041F9E}
[2012.01.25 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{4425EA6B-E000-488E-8E42-CBB368915BD5}
[2012.01.25 12:41:04 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{448F7DAB-5FE1-484C-9639-46EAAF6C8124}
[2012.01.24 23:37:20 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{BC5661D2-CF44-4D0C-AFAE-E5E8A0EFF7CC}
[2012.01.24 23:36:58 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{2E6B03D3-4007-4AD9-831B-8F6D8DA2B2AC}
[2012.01.24 11:36:31 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{6B421EB6-6D04-4D20-923D-0B779BBAD93F}
[2012.01.24 11:36:18 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{436583C9-11BC-400C-AA57-DB214AE4A295}
[2012.01.23 18:02:19 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.23 18:02:19 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.23 18:02:19 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.23 18:02:19 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.23 18:02:19 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.23 18:02:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.01.23 14:49:52 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{6E070F81-53B8-47D2-A69A-1EE26BF9B18F}
[2012.01.23 14:49:30 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{B69B9F01-A7C1-4CE5-84E8-BFCBC16905E2}
[2012.01.23 02:49:19 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{8CF54C2F-D24E-4F22-AC85-8471C771D77B}
[2012.01.23 02:48:58 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{072031C7-84EB-4DF6-A331-B02D7E102039}
[2012.01.22 14:48:47 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{DD8D8DAD-1891-476D-9AC9-6E70BD2273A3}
[2012.01.22 14:48:30 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{4A6CFFB4-911F-4918-87AB-3CF1164B2752}
[2012.01.22 01:22:57 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{E9A2987D-EBF3-41CD-9E97-236306CAC884}
[2012.01.22 01:22:36 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{8A770C83-FEDA-47F1-A322-83D2608B2911}
[2012.01.21 13:22:23 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{6817E196-6ED6-4F81-9654-D3864FEF9F42}
[2012.01.21 13:22:13 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{BB787B64-2C22-4D36-87E5-FDE112214EDE}
[2012.01.18 03:46:50 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{5438F8E7-B758-4A31-A084-CEE0259DC16C}
[2012.01.18 03:46:29 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{60AB0278-2C2F-440D-9456-F23D421A80AF}
[2012.01.17 15:46:04 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{0DEFEDEB-77A3-4325-A78B-1341609CDF5D}
[2012.01.17 15:45:43 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{16642188-E47E-45EA-B4AC-42762BC25F95}
[2012.01.17 03:45:19 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{6CD04800-0432-4FF0-BD79-03DDA7BEB0C4}
[2012.01.17 03:44:58 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{59A5EEA5-7D91-44A1-858F-9C113D0D9D51}
[2012.01.16 15:44:46 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{B63390A2-9214-46F5-BFBC-0C57CC461A8C}
[2012.01.16 15:44:24 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{8D8CEC3D-EF9C-4400-9510-1A923994AA16}
[2012.01.16 03:43:55 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{36850255-3875-4312-8D75-8725B49B7D8D}
[2012.01.16 03:43:34 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{CF19B84F-A24F-4733-B152-95B63ED437A0}
[2012.01.15 15:43:23 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{5A1FEE87-C7CE-477C-A75D-E5522C548171}
[2012.01.15 15:43:13 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{6A696ABA-27F1-4E23-A2D5-C162F53E12DA}
[2012.01.15 03:43:01 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{A37FED9D-26F0-47B5-9085-26CD6DC4C445}
[2012.01.15 03:42:41 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{EDC5864D-38A9-4D64-AEFF-0681BFFA8131}
[2012.01.14 15:42:28 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{190FE849-361F-4EB1-907B-1A0990D1A65A}
[2012.01.14 15:42:06 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{E8A8ABBD-A66B-4C2A-AB3C-4AC63BF3E920}
[2012.01.14 03:41:55 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{484F6A71-7E30-43F2-A603-89930C872CBA}
[2012.01.14 03:41:34 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{543F9642-0A0B-4F34-9392-7C6EA9433D94}
[2012.01.13 15:41:22 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{D47FB508-D0C6-4F9D-A85B-AD0641174A17}
[2012.01.13 15:41:01 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{8B085D93-0A16-41DE-B618-90C82190010F}
[2012.01.13 03:40:50 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{6B5FA9A1-50EC-4E47-B788-80475939D8BF}
[2012.01.13 03:40:28 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{0B9DE5EC-02C1-4FA1-9813-06C20A842FA0}
[2012.01.12 15:40:16 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{E3701F31-D60E-473F-BD64-6912ACD38F3F}
[2012.01.12 15:40:02 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{E334D011-43B3-4589-9F93-DA88CACCE4B7}
[2012.01.12 03:04:15 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{FCA74B8B-B8BB-4662-B828-9DE067ED8033}
[2012.01.12 03:03:53 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{BF32DAC2-CCEC-4C54-BCAB-36F81605E4FC}
[2012.01.11 15:03:30 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{DB19C4CA-59DA-4018-96B5-70C38C3BF2FC}
[2012.01.11 15:03:08 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{17918705-7D85-461F-84CA-0CC8BBA96E6F}
[2012.01.11 07:54:35 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.11 07:54:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.11 07:54:35 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.11 07:54:35 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.11 07:54:34 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.11 07:54:32 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.11 07:54:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.11 03:02:57 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{D3BAD2AC-8509-490A-B49E-1CDA0B8118D0}
[2012.01.11 03:02:35 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{2E0CD626-6F71-466F-ACE2-C94A85FFC63C}
[2012.01.10 16:36:32 | 000,000,000 | ---D | C] -- C:\Users\Sca\Desktop\Bewerbung
[2012.01.10 15:02:24 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{080FA19F-A33F-45C4-9A0E-7AD0EEAECB90}
[2012.01.10 15:02:02 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{899F3F58-C52E-4F37-B798-8BF1DE201FA2}
[2012.01.10 03:01:50 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{00F32DB4-8AFD-4367-9DBA-527AFD5A1D29}
[2012.01.10 03:01:29 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{0588225C-6699-4E69-A3F1-BDEB9FC10416}
[2012.01.09 15:01:16 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{F843F712-3747-41C4-86CC-619564411D04}
[2012.01.09 15:00:55 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{115DE9B8-E5E2-4A6A-93CC-F5675CD24863}
[2012.01.09 03:00:28 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{5556D493-90C8-4045-B8EC-4685C005A6E2}
[2012.01.09 03:00:07 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{AB94EA89-B211-43D9-A6D3-E937584398FF}
[2012.01.08 14:59:42 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{6B4B6DE5-DA79-460E-A6C4-0F2A955DC2FF}
[2012.01.08 14:59:20 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{AEFA904A-5EDE-41F5-B21D-80EA7D24DE46}
[2012.01.08 02:58:55 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{13533146-2A58-416E-8637-5218824FB665}
[2012.01.08 02:58:34 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{E46DEA8C-DC2C-4CF9-8F94-F673E9C8215B}
[2012.01.07 16:18:55 | 000,000,000 | ---D | C] -- C:\Users\Sca\Desktop\Seis
[2012.01.07 14:58:21 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{9107E030-F778-4DC5-B858-9577F8B75AC7}
[2012.01.07 14:57:59 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{D25E50ED-CE03-4570-B2CC-4F73F7ECBCAD}
[2012.01.07 02:57:35 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{673553AB-9BAB-4D95-BCEB-7E61AAAFF6A2}
[2012.01.07 02:57:14 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{C55E3BC0-843F-4C35-82F0-5E8F93B2457E}
[2012.01.06 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{BE311260-70AF-4F17-B623-8730963DEAB0}
[2012.01.06 14:56:42 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{F59ACFA2-F5E7-4016-A49C-96731D5B6358}
[2012.01.06 02:56:30 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{5D55137C-47C2-408D-A84C-8463FCE508DF}
[2012.01.06 02:56:09 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{EDC7B8DF-1140-43BF-BED9-67CEC3B20837}
[2012.01.05 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{A03E48A6-662C-40D8-B047-F42C5B268FD4}
[2012.01.05 14:55:37 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{5F398967-7120-4693-88AD-F2F40F84989E}
[2012.01.05 02:55:24 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{8BBE853B-4003-4890-B9D7-219BF36FD688}
[2012.01.05 02:55:02 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{0603A8A9-5151-437A-A7A1-E96BC1E6B48C}
[2012.01.04 14:54:38 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{09157468-AF76-4D10-BF71-0531C082F4E2}
[2012.01.04 14:54:29 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{9219ACE0-131C-4978-8164-17E8B73A8B4C}
[2012.01.04 02:54:17 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{F1CCB752-50AF-40C3-B540-716857D762E0}
[2012.01.04 02:53:56 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{559C0770-9647-4E9C-A640-87CC9F3F6E5D}
[2012.01.03 14:53:44 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{24C36C86-C146-4C91-96BE-20D7A70DEDE0}
[2012.01.03 14:53:22 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{796EC5FE-0279-4F9F-A597-E319E62C4E86}
[2012.01.03 02:53:11 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{730CD8BF-4BA3-4AEB-8B77-4F4657439007}
[2012.01.03 02:52:50 | 000,000,000 | ---D | C] -- C:\Users\Sca\AppData\Local\{D5715B59-451E-4328-90C8-99F6CE2309AA}
[4 C:\Users\Sca\Desktop\*.tmp files -> C:\Users\Sca\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.01 15:56:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.01 15:56:16 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.01 15:45:51 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.01 15:45:51 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.01 15:45:51 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.01 15:45:51 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.01 15:45:51 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.01 13:20:51 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3472669657-3745622161-1674079058-1000UA.job
[2012.02.01 13:20:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3472669657-3745622161-1674079058-1000Core.job
[2012.01.31 12:35:05 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.31 12:35:05 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.10 02:34:36 | 000,205,651 | ---- | M] () -- C:\Users\Sca\Desktop\do-flyer-ausbildung-gehobener-dienst.pdf
[4 C:\Users\Sca\Desktop\*.tmp files -> C:\Users\Sca\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.10 02:34:36 | 000,205,651 | ---- | C] () -- C:\Users\Sca\Desktop\do-flyer-ausbildung-gehobener-dienst.pdf
[2011.09.30 01:05:39 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.30 01:05:38 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.10 03:47:40 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.07 23:44:50 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.09.07 21:21:51 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.09.07 21:21:51 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.09.07 21:21:49 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.09.07 21:21:49 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.09.07 21:11:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.11.03 00:54:21 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\Amazon
[2011.09.26 12:34:54 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\avidemux
[2011.12.09 04:35:02 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\Azureus
[2011.09.07 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\Canneverbe Limited
[2011.09.08 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\DAEMON Tools Lite
[2012.02.01 15:53:41 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\Dropbox
[2011.12.08 16:33:02 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\DVDVideoSoft
[2011.12.08 16:32:41 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.08 00:02:26 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\gtk-2.0
[2011.09.13 11:49:34 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\Leadertech
[2011.09.08 00:30:16 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\LolClient
[2011.09.30 00:44:38 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\Origin
[2011.12.20 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\Ubisoft
[2011.11.20 18:00:05 | 000,000,000 | ---D | M] -- C:\Users\Sca\AppData\Roaming\VshareComplete
[2012.02.01 13:20:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3472669657-3745622161-1674079058-1000Core.job
[2012.02.01 13:20:51 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3472669657-3745622161-1674079058-1000UA.job
[2012.01.24 11:34:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012.01.22 15:18:20 | 000,000,988 | ---- | M] ()(C:\Users\Sca\AppData\Local\PMB Files.?an) -- C:\Users\Sca\AppData\Local\PMB Files.聰an
[2012.01.22 14:48:15 | 000,000,988 | ---- | C] ()(C:\Users\Sca\AppData\Local\PMB Files.?an) -- C:\Users\Sca\AppData\Local\PMB Files.聰an

< End of report >

Leider weiß ich nicht wie es weitergeht

Da in eineM Thread gesagt wurden ist das es individuel ist und jeder einen eigenen Report abgeben muss. Ich hoffe mir kann geholfen werden. Im Vorraus schonmal vielen dank wenn mir jemand helfen kann

markusg · 01.02.2012, 16:07

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [vasja] C:\Users\Sca\AppData\Local\Temp\0.32863280667622596.exe (Quick Heal Technologies (P) Ltd.)
 :Files
C:\Users\Sca\AppData\Local\Temp\0.32863280667622596.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

aiSca · 01.02.2012, 16:18

So gemacht in der txt Datei stand :

Zitat:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\Sca\AppData\Local\Temp\0.32863280667622596.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sca
->Flash cache emptied: 7948 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sca
->Temp folder emptied: 770810408 bytes
->Temporary Internet Files folder emptied: 65264350 bytes
->Java cache emptied: 193328 bytes
->FireFox cache emptied: 690573733 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183490688 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.631,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02012012_161024

Files\Folders moved on Reboot...
C:\Users\Sca\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Schonmal Vielen Vielen Dank für die schnelle Hilfe!! Die Datei werde ich auch gleich noch uploaden

aiSca · 01.02.2012, 16:20

Hat geklappt mit dem Upload

Datei: MovedFiles.rar_1 empfangen

Vorgang erfolgreich abgeschlossen.

Nochmal VIELEN DANK !

Echt super die fixe Hilfe!!

markusg · 01.02.2012, 16:21

danke für den upload.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

aiSca · 01.02.2012, 16:32

so

Das ist die Datei die am Ende ausgegeben wurde

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-02-01.01 - Sca 01.02.2012  16:24:28.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2237 [GMT 1:00]
ausgeführt von:: c:\users\Sca\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sca\Desktop\Setup.exe
G:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-01 bis 2012-02-01  ))))))))))))))))))))))))))))))
.
.
2012-02-01 15:16 . 2012-02-01 15:16	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD80D29F-B5E7-44D7-85D7-BC62DDD85ED7}\offreg.dll
2012-02-01 15:10 . 2012-02-01 15:19	--------	d-----w-	C:\_OTL
2012-01-31 13:46 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD80D29F-B5E7-44D7-85D7-BC62DDD85ED7}\mpengine.dll
2012-01-28 14:40 . 2012-01-28 14:40	--------	d-----w-	c:\program files (x86)\Veetle
2012-01-11 06:54 . 2011-10-26 05:25	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 06:54 . 2011-10-26 05:25	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 06:54 . 2011-10-26 04:32	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 06:54 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 06:54 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 06:54 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 06:54 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 06:54 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-07 15:21 . 2012-01-07 15:21	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-07 15:21 . 2012-01-07 15:21	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-07 15:21 . 2012-01-07 15:21	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-07 15:21 . 2012-01-07 15:21	43992	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 09:39 . 2011-09-07 20:47	279096	------w-	c:\windows\system32\MpSigStub.exe
2011-11-24 04:52 . 2011-12-14 17:50	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-11-23 13:41 . 2011-11-23 13:41	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-23 13:41 . 2011-11-23 13:41	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-11-23 13:41 . 2011-11-23 13:41	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-23 13:41 . 2011-11-23 13:41	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-11-23 13:41 . 2011-11-23 13:41	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-11-23 13:41 . 2011-11-23 13:41	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-11-23 13:41 . 2011-11-23 13:41	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-11-23 13:41 . 2011-11-23 13:41	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-11-23 13:41 . 2011-11-23 13:41	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-11-23 13:41 . 2011-11-23 13:41	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-11-23 13:41 . 2011-11-23 13:41	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-11-23 13:41 . 2011-11-23 13:41	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-11-23 13:41 . 2011-11-23 13:41	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-11-23 13:41 . 2011-11-23 13:41	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-11-23 13:41 . 2011-11-23 13:41	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-11-23 13:41 . 2011-11-23 13:41	222208	----a-w-	c:\windows\system32\msls31.dll
2011-11-23 13:41 . 2011-11-23 13:41	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-11-23 13:41 . 2011-11-23 13:41	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-11-23 13:41 . 2011-11-23 13:41	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-11-23 13:41 . 2011-11-23 13:41	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-11-23 13:41 . 2011-11-23 13:41	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-11-23 13:41 . 2011-11-23 13:41	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-11-23 13:41 . 2011-11-23 13:41	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-11-23 13:41 . 2011-11-23 13:41	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-11-23 13:41 . 2011-11-23 13:41	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-11-23 13:41 . 2011-11-23 13:41	448512	----a-w-	c:\windows\system32\html.iec
2011-11-23 13:41 . 2011-11-23 13:41	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-23 13:41 . 2011-11-23 13:41	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-11-23 13:41 . 2011-11-23 13:41	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-11-23 13:41 . 2011-11-23 13:41	160256	----a-w-	c:\windows\system32\wextract.exe
2011-11-23 13:41 . 2011-11-23 13:41	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-11-23 13:41 . 2011-11-23 13:41	12288	----a-w-	c:\windows\system32\mshta.exe
2011-11-23 13:41 . 2011-11-23 13:41	114176	----a-w-	c:\windows\system32\admparse.dll
2011-11-23 13:41 . 2011-11-23 13:41	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-11-23 13:34 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-11-23 13:34 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-11-17 20:54 . 2011-09-07 20:07	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32 . 2011-12-14 17:50	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 17:50	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 02:02	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 02:02	1390080	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 02:02	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 02:02	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 02:02	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 02:02	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 02:02	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 02:02	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-07 3077528]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Facebook Update"="c:\users\Sca\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-12 137536]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"EADM"="d:\program files (x86)\Origin\Origin.exe" [2011-09-23 27763336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-07 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
.
c:\users\Sca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sca\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-09-07 340136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-07 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-07 428200]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-10 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-10 381248]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 SaiK0CFA;SaiK0CFA;c:\windows\system32\DRIVERS\SaiK0CFA.sys [x]
S3 SaiU0CFA;SaiU0CFA;c:\windows\system32\DRIVERS\SaiU0CFA.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3472669657-3745622161-1674079058-1000Core.job
- c:\users\Sca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 11:15]
.
2012-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3472669657-3745622161-1674079058-1000UA.job
- c:\users\Sca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 11:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}]
2011-11-09 01:54	167416	----a-w-	c:\users\Sca\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-05-18 310784]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-05-18 158208]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://startsear.ch/?aff=1&cf=0cb7fe67-1399-11e1-8ca2-002215439681
mStart Page = hxxp://startsear.ch/?aff=1&cf=0cb7fe67-1399-11e1-8ca2-002215439681
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Sca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Sca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sca\AppData\Roaming\Mozilla\Firefox\Profiles\m2rtfyre.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=0cb7fe67-1399-11e1-8ca2-002215439681&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-01  16:30:20
ComboFix-quarantined-files.txt  2012-02-01 15:30
.
Vor Suchlauf: 9 Verzeichnis(se), 50.690.134.016 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 50.179.768.320 Bytes frei
.
- - End Of File - - FEC5F79196AD52033A823B69B494B094

--- --- ---

markusg · 01.02.2012, 16:36

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

aiSca · 01.02.2012, 17:19

So hier ist das log

Zitat:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.02.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sca :: SCA-PC [Administrator]

Schutz: Aktiviert

01.02.2012 16:41:33
mbam-log-2012-02-01 (16-41-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342262
Laufzeit: 24 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (Search) Gut: (Google) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (Search) Gut: (Google) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\02012012_161024\C_Users\Sca\AppData\Local\Temp\0.32863280667622596.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg · 01.02.2012, 18:34

lade den CCleaner standard:
CCleaner Download - CCleaner 3.15.1643
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Windows Security-Drohung - Ihr Windows System wurde blockiert!

Plagegeister aller Art und deren Bekämpfung: Windows Security-Drohung - Ihr Windows System wurde blockiert!