Der 50€ Virus hat mich erwischt

Marth89 · 15.02.2012, 11:20

Hallo zusammen!
Es hat den Anschein, als habe mich der berüchtigte "50€ Virus" erwischt. Nach dem Starten des Computers (Windows 7), kommt eine Nachricht, dass der Comupter aus Sicherheitsgründen gesperrt wurde und ich ein kostenpflichtiges Update bräuchte, um wieder auf den PC zuzugreifen.

Ich bin den hier beschriebenden Schritten gefolgt und habe die beiden Files erstellt:

Zitat:

OTL logfile created on: 15.02.2012 11:00:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\rocketbeans_2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 7,08 Gb Available Physical Memory | 88,79% Memory free
15,95 Gb Paging File | 15,12 Gb Available in Paging File | 94,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 107,95 Gb Free Space | 11,59% Space Free | Partition Type: NTFS

Computer Name: BEANV2 | User Name: rocketbeans_2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\rocketbeans_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (DTSAudioService) -- C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe (DTS)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (KMCCTRUTIL) -- C:\Windows\SysNative\drivers\CyUSB.sys (Cypress Semiconductor)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\drivers\avcstrm.sys (Microsoft Corporation)
DRV:64bit: - (MSTAPE) -- C:\Windows\SysNative\drivers\mstape.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=5005731d0000000000000026832e11f7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.15 12:59:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.14 10:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.03 12:16:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.5.4\FF [2011.12.15 14:08:23 | 000,000,000 | ---D | M]

[2012.01.03 12:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rocketbeans_2\AppData\Roaming\mozilla\Extensions
[2012.02.02 12:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rocketbeans_2\AppData\Roaming\mozilla\Firefox\Profiles\tc2tc0vs.default\extensions
[2012.02.02 12:50:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\rocketbeans_2\AppData\Roaming\mozilla\Firefox\Profiles\tc2tc0vs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.14 12:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.14 12:15:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012.02.14 10:24:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={E0A4FDBA-C56B-4579-A3E0-F90340B3E2D8}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: PriceGong = C:\Users\rocketbeans_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.4_0\
CHR - Extension: YouTube = C:\Users\rocketbeans_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\rocketbeans_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: DealPly = C:\Users\rocketbeans_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\rocketbeans_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\rocketbeans_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [Blackmagic CheckVersion PCI] C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe (Blackmagic Design)
O4:64bit: - HKLM..\Run: [Blackmagic Streaming Server] C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Blackmagic CheckVersion] C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ffdwnd] C:\Users\rocketbeans_2\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\rocketbeans_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.12 213.191.74.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F443812-46E5-4701-86D7-C53F13865575}: DhcpNameServer = 213.191.74.12 213.191.74.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.15 10:56:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\rocketbeans_2\Desktop\OTL.exe
[2012.02.15 10:47:20 | 000,000,000 | R--D | C] -- C:\Users\rocketbeans_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.02.14 14:56:22 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.02.14 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\AppData\Roaming\OpenOffice.org
[2012.02.14 12:16:24 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.02.14 12:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.02.14 12:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.02.14 12:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.02.14 12:15:46 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.02.14 12:15:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.02.14 12:15:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.02.14 12:15:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.02.14 12:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.02.14 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\OpenOffice.org 3.3 (de) Installation Files
[2012.02.09 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\Material
[2012.02.08 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\Eingespielt
[2012.02.08 12:33:13 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\Filme
[2012.02.08 12:32:20 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\Rausgerechnet
[2012.02.08 12:30:09 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\Projekte
[2012.02.07 14:15:58 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\Encoded Files
[2012.02.07 14:15:58 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\Adobe Premiere Pro Preview Files
[2012.02.02 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\dwhelper
[2012.01.31 12:31:22 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\1 Stunde Neverdead
[2012.01.30 11:59:27 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\AppData\Local\Diagnostics
[2012.01.30 10:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.01.30 10:23:11 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.30 10:23:11 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.30 10:23:11 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.30 10:23:11 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.30 10:23:02 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.30 10:23:01 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.30 10:23:01 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.30 10:23:01 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.30 10:23:01 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.30 10:23:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.01.30 10:22:55 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.30 10:22:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.30 10:22:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.23 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.01.23 13:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.01.23 13:09:23 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll
[2012.01.23 13:09:22 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2012.01.23 13:09:22 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.01.23 13:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.01.23 13:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.01.23 13:01:59 | 000,880,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\WM8EUTIL.exe
[2012.01.23 13:01:59 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
[2012.01.23 13:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
[2012.01.23 13:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD to MP3 Freeware
[2012.01.23 11:38:47 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\AppData\Roaming\Broad Intelligence
[2012.01.23 11:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaCoder
[2012.01.23 11:03:07 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.01.23 11:03:07 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.01.23 11:03:07 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.01.23 11:03:07 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.01.23 11:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.01.23 11:00:43 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.01.23 11:00:41 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\AppData\Roaming\OpenCandy
[2012.01.23 11:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.01.23 10:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.01.20 16:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.01.20 16:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.01.20 16:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.01.20 12:39:33 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\Alien
[2012.01.17 11:30:08 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\AppData\Local\Daedalic Entertainment
[2012.01.17 11:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
[2012.01.17 11:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daedalic Entertainment
[2012.01.17 11:20:54 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\Deponia
[2012.01.16 13:51:35 | 000,000,000 | ---D | C] -- C:\Users\rocketbeans_2\Desktop\Sounds

========== Files - Modified Within 30 Days ==========

[2012.02.15 10:56:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\rocketbeans_2\Desktop\OTL.exe
[2012.02.15 10:49:51 | 2129,285,119 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.15 10:47:20 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.15 10:47:20 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.02.14 16:20:12 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 16:20:12 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 16:17:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.14 15:57:08 | 000,740,314 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Tekken.jpg
[2012.02.14 15:57:08 | 000,001,456 | ---- | M] () -- C:\Users\rocketbeans_2\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.02.14 14:57:01 | 000,006,704 | ---- | M] () -- C:\bootsqm.dat
[2012.02.14 14:49:02 | 004,866,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.14 13:44:53 | 000,648,634 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\EEOnepiece.jpg
[2012.02.14 12:58:04 | 000,010,718 | ---- | M] () -- C:\Users\rocketbeans_2\Documents\untitled_1.odt
[2012.02.14 12:26:51 | 000,001,244 | ---- | M] () -- C:\Users\rocketbeans_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.02.14 12:16:24 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.02.14 12:15:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.02.14 12:15:38 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.02.14 12:15:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.02.14 12:15:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.02.13 16:42:06 | 053,988,669 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\intro.psd
[2012.02.13 15:30:15 | 003,575,808 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Test.mpg
[2012.02.13 15:30:15 | 000,010,556 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Test.xmp
[2012.02.13 15:00:17 | 001,580,640 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\intro_oben.png
[2012.02.13 15:00:17 | 000,433,789 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\intro_unten.png
[2012.02.13 13:59:26 | 223,358,653 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Logo4.psd
[2012.02.13 13:16:42 | 000,414,332 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Logo4.jpg
[2012.02.13 12:38:36 | 101,236,322 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Logo3.psd
[2012.02.13 12:12:00 | 000,176,433 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Logo3.jpg
[2012.02.13 12:08:04 | 000,179,360 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\LogoVERS1.jpg
[2012.02.13 12:07:47 | 000,179,360 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\logo_vers.1.jpg
[2012.02.13 12:07:13 | 048,251,199 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Logo2.psd
[2012.02.13 11:49:26 | 046,597,105 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Logo.psd
[2012.02.10 17:04:53 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.10 17:04:53 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.10 17:04:53 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.10 17:04:53 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.10 17:04:53 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.10 12:26:33 | 164,166,359 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Metabenen-Overkill-neu.mov
[2012.02.09 16:31:18 | 000,579,621 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\rayman-origins.jpg
[2012.02.09 11:13:31 | 000,084,015 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Zelda-music-700x4203.jpg
[2012.02.08 11:17:43 | 1318,217,093 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\kd-ed-16-neu.mp4
[2012.02.08 10:30:04 | 002,322,273 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\knallhart6.02.12.prproj
[2012.02.07 17:42:48 | 000,001,033 | ---- | M] () -- C:\Users\rocketbeans_2\Documents\Folgen.rtf
[2012.02.03 15:45:27 | 000,110,104 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\anhang1.gif
[2012.02.02 11:38:12 | 000,031,706 | ---- | M] () -- C:\Users\rocketbeans_2\Documents\bla.xps
[2012.02.02 10:55:58 | 029,280,004 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Aliens_Colonial_Marines_-_Action_Trailer__PC__PS3__Xbox_360_.zip
[2012.02.01 15:04:18 | 000,167,172 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\oscar.png
[2012.02.01 12:13:59 | 000,002,234 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Alientext.rtf
[2012.01.30 16:36:45 | 026,812,027 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\ps.psd
[2012.01.30 10:27:10 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.01.30 10:27:10 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.01.26 11:12:33 | 000,002,349 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.01.25 12:39:56 | 000,442,955 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\frame2.png
[2012.01.25 12:07:55 | 000,046,827 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\frame1.png
[2012.01.23 18:30:02 | 000,002,343 | ---- | M] () -- C:\Users\rocketbeans_2\Documents\alien.rtf
[2012.01.23 13:09:33 | 000,001,302 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\AVS4YOU Software Navigator.lnk
[2012.01.23 13:09:26 | 000,001,246 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\AVS Audio Converter.lnk
[2012.01.23 13:02:01 | 000,000,040 | ---- | M] () -- C:\Users\rocketbeans_2\AppData\Roaming\cdr.ini
[2012.01.23 13:01:59 | 000,001,007 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Free CD to MP3 Converter.lnk
[2012.01.23 12:23:03 | 916,415,571 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Alien.mp4
[2012.01.23 11:00:24 | 000,003,219 | ---- | M] () -- C:\user.js
[2012.01.23 10:52:37 | 011,084,179 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Prometheus - Official Trailer (HD).mp4
[2012.01.23 10:28:47 | 000,000,229 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\prometheus-tlr1_h480p.mov
[2012.01.20 16:20:32 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.01.20 13:10:35 | 000,184,999 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\15258_aliens_xenomorph.jpg
[2012.01.20 11:58:05 | 000,255,868 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\Alien1.jpg
[2012.01.19 20:32:50 | 000,369,423 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\premiere Donnerstag abend.png
[2012.01.17 11:29:33 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Deponia.lnk
[2012.01.16 13:26:05 | 000,000,475 | ---- | M] () -- C:\Users\rocketbeans_2\Desktop\grabbelkiste.rtf

========== Files Created - No Company Name ==========

[2012.02.14 15:57:08 | 000,740,314 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Tekken.jpg
[2012.02.14 15:23:08 | 000,010,718 | ---- | C] () -- C:\Users\rocketbeans_2\Documents\untitled_1.odt
[2012.02.14 14:57:01 | 000,006,704 | ---- | C] () -- C:\bootsqm.dat
[2012.02.14 13:44:53 | 000,648,634 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\EEOnepiece.jpg
[2012.02.14 12:26:51 | 000,001,244 | ---- | C] () -- C:\Users\rocketbeans_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.02.14 12:16:24 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.02.13 15:30:15 | 000,010,556 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Test.xmp
[2012.02.13 15:30:12 | 003,575,808 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Test.mpg
[2012.02.13 14:56:53 | 000,433,789 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\intro_unten.png
[2012.02.13 14:55:04 | 001,580,640 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\intro_oben.png
[2012.02.13 14:52:07 | 053,988,669 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\intro.psd
[2012.02.13 13:16:42 | 000,414,332 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Logo4.jpg
[2012.02.13 12:48:50 | 223,358,653 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Logo4.psd
[2012.02.13 12:12:00 | 000,176,433 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Logo3.jpg
[2012.02.13 12:10:34 | 101,236,322 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Logo3.psd
[2012.02.13 12:08:04 | 000,179,360 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\LogoVERS1.jpg
[2012.02.13 12:07:46 | 000,179,360 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\logo_vers.1.jpg
[2012.02.13 12:07:09 | 048,251,199 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Logo2.psd
[2012.02.13 10:47:43 | 046,597,105 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Logo.psd
[2012.02.10 12:25:24 | 164,166,359 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Metabenen-Overkill-neu.mov
[2012.02.09 16:31:17 | 000,579,621 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\rayman-origins.jpg
[2012.02.09 11:13:30 | 000,084,015 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Zelda-music-700x4203.jpg
[2012.02.08 10:34:42 | 1318,217,093 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\kd-ed-16-neu.mp4
[2012.02.08 10:32:21 | 002,322,273 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\knallhart6.02.12.prproj
[2012.02.07 12:32:11 | 000,001,033 | ---- | C] () -- C:\Users\rocketbeans_2\Documents\Folgen.rtf
[2012.02.03 15:45:26 | 000,110,104 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\anhang1.gif
[2012.02.02 11:38:11 | 000,031,706 | ---- | C] () -- C:\Users\rocketbeans_2\Documents\bla.xps
[2012.02.02 10:55:35 | 029,280,004 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Aliens_Colonial_Marines_-_Action_Trailer__PC__PS3__Xbox_360_.zip
[2012.02.01 12:13:59 | 000,002,234 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Alientext.rtf
[2012.01.30 14:43:57 | 026,812,027 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\ps.psd
[2012.01.26 13:02:07 | 000,167,172 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\oscar.png
[2012.01.25 12:16:16 | 000,442,955 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\frame2.png
[2012.01.25 12:07:40 | 000,046,827 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\frame1.png
[2012.01.23 18:30:02 | 000,002,343 | ---- | C] () -- C:\Users\rocketbeans_2\Documents\alien.rtf
[2012.01.23 13:09:33 | 000,001,302 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\AVS4YOU Software Navigator.lnk
[2012.01.23 13:09:26 | 000,001,246 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\AVS Audio Converter.lnk
[2012.01.23 13:02:01 | 000,000,040 | ---- | C] () -- C:\Users\rocketbeans_2\AppData\Roaming\cdr.ini
[2012.01.23 13:01:59 | 000,001,007 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Free CD to MP3 Converter.lnk
[2012.01.23 12:23:01 | 916,415,571 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Alien.mp4
[2012.01.23 11:03:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.01.23 10:52:14 | 2266,644,465 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Alien.mkv
[2012.01.23 10:52:07 | 011,084,179 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Prometheus - Official Trailer (HD).mp4
[2012.01.23 10:28:45 | 000,000,229 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\prometheus-tlr1_h480p.mov
[2012.01.20 16:20:23 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.01.20 16:20:23 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.01.20 13:10:34 | 000,184,999 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\15258_aliens_xenomorph.jpg
[2012.01.20 11:58:04 | 000,255,868 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\Alien1.jpg
[2012.01.19 20:32:50 | 000,369,423 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\premiere Donnerstag abend.png
[2012.01.17 11:29:33 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Deponia.lnk
[2012.01.16 13:26:05 | 000,000,475 | ---- | C] () -- C:\Users\rocketbeans_2\Desktop\grabbelkiste.rtf
[2012.01.11 11:26:13 | 000,001,456 | ---- | C] () -- C:\Users\rocketbeans_2\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.10.24 11:30:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.04.27 14:21:44 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 70 bytes -> C:\Users\rocketbeans_2\Desktop\Capture_Unit.rar:com.apple.quarantine
@Alternate Data Stream - 64 bytes -> C:\Users\rocketbeans_2\Desktop\Capture_Unit.rar:AFP_AfpInfo
@Alternate Data Stream - 204 bytes -> C:\Users\rocketbeans_2\Desktop\Capture_Unit.rar:com.apple.metadatakMDItemWhereFroms

< End of report >

Zitat:

OTL Extras logfile created on: 15.02.2012 11:00:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\rocketbeans_2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 7,08 Gb Available Physical Memory | 88,79% Memory free
15,95 Gb Paging File | 15,12 Gb Available in Paging File | 94,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 107,95 Gb Free Space | 11,59% Space Free | Partition Type: NTFS

Computer Name: BEANV2 | User Name: rocketbeans_2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}" = SweetIM for Messenger 3.6
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{626B3D60-A661-4444-AAF5-6C75E55936E8}" = Adobe Creative Suite 5 Production Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF9A1CA-4BAA-4511-8DAE-16832C914034}" = Blackmagic Design Desktop Video
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F283F943-5805-4F5C-A0B4-6ACE721730EB}" = PARTNER-CTR Capture - Ver1.04.1000
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"AVS Audio Converter_is1" = AVS Audio Converter 7
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BabylonToolbar" = Babylon toolbar on IE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DealPly" = DealPly
"Deponia" = Deponia
"DivX Setup" = DivX-Setup
"Fraps" = Fraps (remove only)
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Google Chrome" = Google Chrome
"hon" = Heroes of Newerth
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PriceGong" = PriceGong 2.5.4
"Steam App 570" = Dota 2
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.02.2012 10:23:51 | Computer Name = BeanV2 | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2012 10:43:18 | Computer Name = BeanV2 | Source = System Restore | ID = 8210
Description =

Error - 14.02.2012 10:47:58 | Computer Name = BeanV2 | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2012 11:04:27 | Computer Name = BeanV2 | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2012 11:09:01 | Computer Name = BeanV2 | Source = System Restore | ID = 8210
Description =

Error - 14.02.2012 11:14:35 | Computer Name = BeanV2 | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.1.4421 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12b8 Startzeit:
01cceb2b42052307 Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
9661456a-571e-11e1-86f6-0026832e11f7

Error - 14.02.2012 11:14:45 | Computer Name = BeanV2 | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2012 05:40:52 | Computer Name = BeanV2 | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2012 05:44:09 | Computer Name = BeanV2 | Source = System Restore | ID = 8210
Description =

Error - 15.02.2012 05:51:46 | Computer Name = BeanV2 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15.02.2012 05:39:23 | Computer Name = BeanV2 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 15.02.2012 05:40:02 | Computer Name = BeanV2 | Source = DCOM | ID = 10005
Description =

Error - 15.02.2012 05:50:03 | Computer Name = BeanV2 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
discache spldr Wanarpv6

Error - 15.02.2012 05:50:08 | Computer Name = BeanV2 | Source = DCOM | ID = 10005
Description =

Error - 15.02.2012 05:50:14 | Computer Name = BeanV2 | Source = DCOM | ID = 10005
Description =

Error - 15.02.2012 05:50:16 | Computer Name = BeanV2 | Source = DCOM | ID = 10005
Description =

Error - 15.02.2012 05:50:16 | Computer Name = BeanV2 | Source = DCOM | ID = 10005
Description =

Error - 15.02.2012 05:50:16 | Computer Name = BeanV2 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 15.02.2012 05:50:16 | Computer Name = BeanV2 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 15.02.2012 05:50:42 | Computer Name = BeanV2 | Source = DCOM | ID = 10005
Description =

< End of report >

Ich habe noch nicht ganz verstanden wie es jetzt weiter geht und hoffe auf eure Hilfe!

Grüße,
Martin

markusg · 15.02.2012, 12:05

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [ffdwnd] C:\Users\rocketbeans_2\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
 :Files
C:\Users\rocketbeans_2\AppData\Local\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Marth89 · 15.02.2012, 12:34

Danke für die schnelle Antwort!

Es scheint funktioniert zu haben. Ich habe den verpackten Ordner hochgeladen.

Hier die Text-Datei:

Zitat:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully.
C:\Users\rocketbeans_2\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Budi

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Ian

User: Maike

User: Public

User: rocketbeans_2
->Flash cache emptied: 38102 bytes

User: Sia

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Budi

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ian

User: Maike

User: Public

User: rocketbeans_2
->Temp folder emptied: 557692865 bytes
->Temporary Internet Files folder emptied: 205084596 bytes
->Java cache emptied: 468879 bytes
->FireFox cache emptied: 52977904 bytes
->Google Chrome cache emptied: 425057429 bytes
->Flash cache emptied: 0 bytes

User: Sia

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44110816 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.226,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02152012_122536

Files\Folders moved on Reboot...
C:\Users\rocketbeans_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Nochmals einen dicken Dank!

markusg · 15.02.2012, 13:18

hi, danke für den upload.
bis wir fertig sind, nur auf von mir genannten seiten surfen, sonst kann es zu problemen kommen, also einer neu infektion zb.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Marth89 · 15.02.2012, 14:33

Alles klar, hier ist es:
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-02-13.01 - rocketbeans_2 15.02.2012  14:25:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8169.6462 [GMT 1:00]
ausgeführt von:: c:\users\rocketbeans_2\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-15 bis 2012-02-15  ))))))))))))))))))))))))))))))
.
.
2012-02-15 13:28 . 2012-02-15 13:28	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-02-15 13:28 . 2012-02-15 13:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-15 12:19 . 2012-02-15 12:19	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AA55E38-4752-4AB5-AEED-834AA8D6B665}\offreg.dll
2012-02-15 11:25 . 2012-02-15 11:25	--------	d-----w-	C:\_OTL
2012-02-14 13:56 . 2012-02-14 13:56	--------	d-----w-	C:\found.000
2012-02-14 11:26 . 2012-02-14 11:26	--------	d-----w-	c:\users\rocketbeans_2\AppData\Roaming\OpenOffice.org
2012-02-14 11:16 . 2012-02-14 11:16	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2012-02-14 11:15 . 2012-02-14 11:15	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-02-14 11:15 . 2012-02-14 11:15	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-14 11:15 . 2012-02-14 11:15	--------	d-----w-	c:\program files (x86)\Java
2012-02-14 09:22 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AA55E38-4752-4AB5-AEED-834AA8D6B665}\mpengine.dll
2012-02-10 10:22 . 2012-02-10 11:29	--------	d-----w-	c:\users\Maike
2012-02-02 13:00 . 2012-02-03 11:02	--------	d-----w-	c:\users\rocketbeans_2\dwhelper
2012-01-30 10:59 . 2012-01-30 10:59	--------	d-----w-	c:\users\rocketbeans_2\AppData\Local\Diagnostics
2012-01-30 09:22 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-01-30 09:22 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-30 09:22 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-30 09:22 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-23 12:09 . 2011-09-20 13:35	11137024	----a-w-	c:\windows\SysWow64\libmfxsw32.dll
2012-01-23 12:09 . 2010-11-12 19:18	1700352	----a-w-	c:\windows\SysWow64\GdiPlus.dll
2012-01-23 12:09 . 2010-11-12 19:18	24576	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-01-23 12:08 . 2012-01-23 12:09	--------	d-----w-	c:\program files (x86)\AVS4YOU
2012-01-23 12:08 . 2012-01-23 12:09	--------	d-----w-	c:\program files (x86)\Common Files\AVSMedia
2012-01-23 12:01 . 2012-01-23 12:04	--------	d-----w-	c:\program files (x86)\CD to MP3 Freeware
2012-01-23 12:01 . 2001-03-23 15:29	880912	----a-w-	c:\windows\WM8EUTIL.exe
2012-01-23 10:38 . 2012-01-23 12:06	--------	d-----w-	c:\users\rocketbeans_2\AppData\Roaming\Broad Intelligence
2012-01-23 10:38 . 2012-01-23 12:06	--------	d-----w-	c:\program files (x86)\MediaCoder
2012-01-23 10:03 . 2009-09-27 08:39	369152	----a-w-	c:\windows\SysWow64\avisynth.dll
2012-01-23 10:03 . 2005-07-14 11:31	32256	----a-w-	c:\windows\SysWow64\AVSredirect.dll
2012-01-23 10:03 . 2004-02-22 09:11	719872	----a-w-	c:\windows\SysWow64\devil.dll
2012-01-23 10:03 . 2004-01-24 23:00	70656	----a-w-	c:\windows\SysWow64\yv12vfw.dll
2012-01-23 10:03 . 2004-01-24 23:00	70656	----a-w-	c:\windows\SysWow64\i420vfw.dll
2012-01-23 10:03 . 2012-01-23 10:03	--------	d-----w-	c:\program files (x86)\AviSynth 2.5
2012-01-23 10:00 . 2012-01-23 10:00	--------	d-----w-	c:\users\rocketbeans_2\AppData\Roaming\OpenCandy
2012-01-23 10:00 . 2012-01-23 10:00	--------	d-----w-	c:\program files (x86)\BabylonToolbar
2012-01-23 09:59 . 2012-01-23 10:35	--------	d-----w-	c:\program files (x86)\eRightSoft
2012-01-20 15:20 . 2012-01-20 15:20	--------	d-----w-	c:\programdata\McAfee
2012-01-20 15:20 . 2012-01-20 15:20	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-01-20 15:20 . 2012-01-30 09:27	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-01-17 10:30 . 2012-01-17 10:30	--------	d-----w-	c:\users\rocketbeans_2\AppData\Local\Daedalic Entertainment
2012-01-17 10:28 . 2012-01-17 10:28	--------	d-----w-	c:\program files (x86)\Daedalic Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-20 15:20 . 2011-11-24 20:00	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 10:45	3145216	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 16:21	1299248	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-24 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-12-05 114992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\rocketbeans_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176]
R3 KMCCTRUTIL;PARTNER-CTR UIC-MIDI/Capture USB interface service;c:\windows\system32\Drivers\CyUSB.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-08-02 210024]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 20:00]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 20:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-02 12558440]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-02 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Blackmagic Streaming Server"="c:\program files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe" [2011-11-03 1088000]
"Blackmagic CheckVersion PCI"="c:\program files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe" [2011-11-03 22210176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=5005731d0000000000000026832e11f7
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.191.74.12 213.191.74.11
FF - ProfilePath - c:\users\rocketbeans_2\AppData\Roaming\Mozilla\Firefox\Profiles\tc2tc0vs.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5005731d0000000000000026832e11f7
FF - user.js: extensions.BabylonToolbar_i.hardId - 5005731d0000000000000026832e11f7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15362
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:00
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Blackmagic CheckVersion - c:\program files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-15  14:30:52
ComboFix-quarantined-files.txt  2012-02-15 13:30
.
Vor Suchlauf: 11 Verzeichnis(se), 115.864.080.384 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 115.716.489.216 Bytes frei
.
- - End Of File - - 9905074167B9661C2F34DDC62949E38E

--- --- ---

markusg · 15.02.2012, 16:23

hi
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Marth89 · 15.02.2012, 16:54

Alles. Es wurden tatsächlich keine infizierten Objekte gefunden.

Zitat:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
rocketbeans_2 :: BEANV2 [Administrator]

Schutz: Aktiviert

15.02.2012 16:31:23
mbam-log-2012-02-15 (16-31-23).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 357348
Laufzeit: 18 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg · 15.02.2012, 19:09

sehr gut.
lade den CCleaner standard:
CCleaner Download - CCleaner 3.15.1643
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Marth89 · 16.02.2012, 10:57

Okay, hier ist die Liste:

Zitat:

7-Zip 9.20 (x64 edition) Igor Pavlov 02.01.2012 4,53MB 9.20.00.0 notwendig
Adobe AIR Adobe Systems Inc. 12.12.2011 1.5.3.9120 notwendig
Adobe Community Help Adobe Systems Incorporated 12.12.2011 3.0.0.400 notwendig
Adobe Creative Suite 5 Production Premium Adobe Systems Incorporated 12.12.2011 15.796MB 5.0 notwendig
Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 12.12.2011 2,42MB 10.1.52.14 notwendig
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 23.11.2011 6,00MB 11.1.102.55 notwendig
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 19.01.2012 6,00MB 11.1.102.55 notwendig
Adobe Media Player Adobe Systems Incorporated 12.12.2011 1.8 notwendig
Apple Application Support Apple Inc. 14.12.2011 61,2MB 2.1.5 unnötig
Apple Software Update Apple Inc. 14.12.2011 2,38MB 2.1.3.127 unnötig
Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 23.10.2011 2,23MB 1.10.1.0 unbekannt
AVS Audio Converter 7 Online Media Technologies Ltd. 22.01.2012 unbekannt
AVS Update Manager 1.0 Online Media Technologies Ltd. 22.01.2012 unbekannt
AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 22.01.2012 unbekannt
Babylon toolbar on IE 22.01.2012 unnötig
Bing Bar Microsoft Corporation 26.04.2011 24,4MB 7.0.610.0 unnötig
Blackmagic Design Desktop Video Blackmagic Design 14.12.2011 101,9MB 9.0.0.0 notwendig
Bluetooth Win7 Suite (64) Atheros Communications 23.10.2011 59,1MB 7.2.0.40 unbekannt
CCleaner Piriform 15.02.2012 3.15 notwendig
Control ActiveX de Windows Live Mesh para conexiones remotas Microsoft Corporation 26.04.2011 5,57MB 15.4.5722.2 unbekannt
DealPly DealPly 14.12.2011 unbekannt
Deponia Daedalic Entertainment 16.01.2012 1.0 unnötig
DivX-Setup DivX, LLC 14.12.2011 2.6.0.34 notwendig
Dota 2 23.11.2011 unnötig
Fraps (remove only) 28.11.2011 notwendig
Free CD to MP3 Converter 22.01.2012 unnötig
Google Chrome Google Inc. 14.12.2011 16.0.912.77 notwendig
Google Toolbar for Internet Explorer Google Inc. 10.01.2012 7.2.2427.2330 unnötig
Heroes of Newerth S2 Games 23.11.2011 2.3.0 unnötig
Intel(R) Management Engine Components Intel Corporation 24.10.2011 7.0.0.1144 unbekannt
Intel(R) Rapid Storage Technology Intel Corporation 24.10.2011 10.6.0.1002 unbekannt
Java(TM) 6 Update 22 Oracle 13.02.2012 97,1MB 6.0.220 notwendig
League of Legends Riot Games 23.11.2011 1.02.0000 unnötig
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 14.02.2012 17,4MB 1.60.1.1000 notwendig
McAfee Security Scan Plus McAfee, Inc. 29.01.2012 8,30MB 2.0.181.2 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2011 38,8MB 4.0.30319 unbekannt
Microsoft Office 2010 Microsoft Corporation 29.08.2011 6,31MB 14.0.4763.1000 notwendig
Microsoft Silverlight Microsoft Corporation 18.01.2012 40,4MB 4.0.60831.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.06.2011 1,70MB 3.1.0000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 13.02.2012 0,76MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 14.02.2012 0,77MB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.02.2012 0,58MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14.02.2012 0,59MB 9.0.30729.6161 unbekannt
Mozilla Firefox 10.0.1 (x86 de) Mozilla 13.02.2012 35,5MB 10.0.1 notwendig
Mozilla Thunderbird 9.0.1 (x86 de) Mozilla 02.01.2012 38,8MB 9.0.1 notwendig
NVIDIA 3D Vision Controller-Treiber 280.19 NVIDIA Corporation 23.10.2011 280.19 unbekannt
NVIDIA 3D Vision Treiber 280.26 NVIDIA Corporation 23.10.2011 280.26 unbekannt
NVIDIA Grafiktreiber 280.26 NVIDIA Corporation 23.10.2011 280.26 unbekannt
NVIDIA HD-Audiotreiber 1.2.23.3 NVIDIA Corporation 23.10.2011 1.2.23.3 unbekannt
NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 23.10.2011 9.10.0514 unbekannt
NVIDIA Update 1.4.28 NVIDIA Corporation 23.10.2011 1.4.28 unbekannt
OpenOffice.org 3.3 OpenOffice.org 13.02.2012 415MB 3.3.9567 notwendig
Pando Media Booster Pando Networks Inc. 23.11.2011 5,47MB 2.6.0.1 unbekannt
PARTNER-CTR Capture - Ver1.04.1000 Kyoto Microcomputer Co.,Ltd. 02.01.2012 1.04.1000 unbekannt
PriceGong 2.5.4 PriceGong 14.12.2011 2.5.4 unbekannt
QuickTime Apple Inc. 14.12.2011 73,3MB 7.71.80.42 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 23.10.2011 6.0.1.6410 unbekannt
Skype™ 5.5 Skype Technologies S.A. 04.01.2012 19,1MB 5.5.124 notwendig
Steam Valve Corporation 23.11.2011 35,5MB 1.0.0.0 notwendig
SweetIM for Messenger 3.6 SweetIM Technologies Ltd. 14.12.2011 4,75MB 3.6.0003 unnötig
SweetIM Toolbar for Internet Explorer 4.2 SweetIM Technologies Ltd. 14.12.2011 4,13MB 4.2.0004 unnötig
VLC media player 1.1.11 VideoLAN 14.12.2011 1.1.11 notwendig
Windows Live Essentials Microsoft Corporation 29.06.2011 15.4.3538.0513 unbekannt
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 28.06.2011 5,38MB 15.4.5722.2 unbekannt
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 28.06.2011 5,38MB 15.4.5722.2
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 28.06.2011 5,38MB 15.4.5722.2

markusg · 16.02.2012, 11:01

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
deinstaliere:
Apple : alle
AVS : alle
AVS4YOU
Babylon
Bing
Control ActiveX
DealPly
Deponia
DivX-Setup
Dota
Free CD
Google Toolbar
Heroes of Newerth
Java
Download der kostenlosen Java-Software
downloade java jre, instalieren.

deinstaliere:
League of Legends
Mozilla Firefox : kannst du dir keine komplett umstieg auf chrome vorstellen, er ist sicherer und sollte auch schneller sein als der ff, den sollte man dann komplett runter tun.

deinstaliere:
PARTNER-CTR
PriceGong
SweetIM : alle
Windows Live : alle unnötigen

öffne otl, bereinigen, neustart.
öffne ccleaner, analysieren, bereinigen, neustart, testen ob alles nach wunsch läuft

Marth89 · 16.02.2012, 12:14

Erledigt! Sieht bislang alles gut aus. Läuft alles perfekt!
Schönen Dank nochmal.

markusg · 16.02.2012, 13:22

der pc muss abgesichert werden.
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html
sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
https://www.google.com/chrome?hl=de
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung

Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
Run updateChecker
when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
Windows 7 Systemabbild erstellen (Backup)
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser