Log Analysis and Evaluation: Trojan found (Windows 7)
02.03.2012, 17:30 | #1
Trojan found (Windows 7)
Hello Trojaner-Board community, I have been a new member of the community since yesterday. Unfortunately I have caught a few nasty trojans and would be very glad if you could help me get rid of them. I have already run 3 scans with Malwarebytes. In the first/second test 18/15 infected files were found and I had them removed. After that I ran the full scan and no further infected file could be found. Is the problem therefore solved? I am looking forward to your answers. Attached are the logs.
Scan number 1 Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: xxx-PC [Administrator]

Schutz: Aktiviert

02.03.2012 01:47:02
mbam-log-2012-03-02 (01-47-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198189
Laufzeit: 12 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Local\Temp\0.1574218895702636g8j8.exe (Exploit.Drop.4) -> Löschen bei Neustart.
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.1574218895702636g8j8.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User:: XXX-PC [Administrator]

Schutz: Aktiviert

02.03.2012 08:09:36
mbam-log-2012-03-02 (08-09-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197753
Laufzeit: 10 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Number 3 Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: XXX-PC [limitiert]

Schutz: Aktiviert

02.03.2012 08:24:27
mbam-log-2012-03-02 (08-24-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340985
Laufzeit: 2 Stunde(n), 45 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
02.03.2012, 20:08 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found (Windows 7)
Is that intentional and systematic? Quick scans as admin, full scans as a plain user, that can't work!
Please always run scans, and above all the full scans, with admin rights!
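The helper's objection above turns on two things that can be read straight out of a Malwarebytes log: the rights the scan ran with (the `[Administrator]` / `[limitiert]` tag in the header) and what actually happened to each finding (`Keine Aktion durchgeführt.` versus quarantined or deferred to reboot). As an added example that is not part of the thread and not Malwarebytes' code, here is a small Python triage script for logs in the format pasted above. The regexes are assumptions about the 1.x log layout drawn from the logs in this thread, not a vendor specification; the embedded log is a constructed, abridged sample that combines entries from the first log with the limited-rights header of the third so that both checks fire.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Layout assumptions drawn from the logs in this thread, not a vendor spec.
# Header: "User :: HOST [Administrator|limitiert]" (some pastes drop the space).
_USER_RE = re.compile(r"^(?P<user>.+?)\s*::\s*\S+\s+\[(?P<rights>[^\]]+)\]$")
_SCAN_TYPE_RE = re.compile(r"^Art des Suchlaufs:\s*(?P<type>.+)$")
_SECTION_RE = re.compile(r"^(?P<name>Infizierte .+?):\s*(?P<count>\d+)$")
# Finding: "<target> (<detection>) -> [<details> ->] <action>."
_FINDING_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")

NO_ACTION = "Keine Aktion durchgeführt."   # MBAM German UI strings as in the logs above
PENDING_REBOOT = "Löschen bei Neustart."


@dataclass
class Finding:
    section: str
    target: str
    detection: str
    action: str


@dataclass
class MbamReport:
    user: Optional[str] = None
    rights: Optional[str] = None
    scan_type: Optional[str] = None
    declared: Dict[str, int] = field(default_factory=dict)  # section -> count from its header line
    findings: List[Finding] = field(default_factory=list)

    def is_admin(self) -> bool:
        return self.rights == "Administrator"

    def not_handled(self) -> List[Finding]:
        return [f for f in self.findings if f.action == NO_ACTION]

    def pending_reboot(self) -> List[Finding]:
        return [f for f in self.findings if f.action == PENDING_REBOOT]

    def count_mismatches(self) -> List[str]:
        """Sections whose declared count differs from the lines parsed under them (truncated paste?)."""
        parsed: Dict[str, int] = {}
        for f in self.findings:
            parsed[f.section] = parsed.get(f.section, 0) + 1
        return [s for s, n in self.declared.items() if parsed.get(s, 0) != n]

    def problems(self) -> List[str]:
        out = []
        if not self.is_admin():
            out.append(f"scan ran as '{self.rights}', not as Administrator")
        if self.not_handled():
            out.append(f"{len(self.not_handled())} finding(s) left with no action")
        if self.pending_reboot():
            out.append(f"{len(self.pending_reboot())} finding(s) deferred to reboot")
        if self.count_mismatches():
            out.append("declared counts do not match parsed lines: " + ", ".join(self.count_mismatches()))
        return out


def parse_mbam_log(text: str) -> MbamReport:
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if report.user is None and (m := _USER_RE.match(line)):
            report.user, report.rights = m.group("user"), m.group("rights")
        elif m := _SCAN_TYPE_RE.match(line):
            report.scan_type = m.group("type").strip()
        elif m := _SECTION_RE.match(line):
            section = m.group("name")
            report.declared[section] = int(m.group("count"))
        elif section and (m := _FINDING_RE.match(line)):
            # Value findings carry "Daten: ... ->" before the action; keep the last segment only.
            action = m.group("rest").rsplit("-> ", 1)[-1].strip()
            report.findings.append(Finding(section, m.group("target"), m.group("detection"), action))
    return report


# Constructed, abridged sample: entries from the thread's first log with the
# limited-rights header of the third, so both checks fire.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware (Test) 1.60.1.1000
User :: xxx-PC [limitiert]
Art des Suchlaufs: Quick-Scan
Laufzeit: 12 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Local\Temp\0.1574218895702636g8j8.exe (Exploit.Drop.4) -> Löschen bei Neustart.
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.1574218895702636g8j8.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

if __name__ == "__main__":
    for p in parse_mbam_log(SAMPLE_LOG).problems():
        print("-", p)
```

Run against a real log, `problems()` gives the same three answers the helper is after in one glance: rights, untreated findings, and anything still waiting for a reboot. The declared-versus-parsed count check is there because forum pastes are often truncated, and a section that declares 15 keys but shows 11 lines is a sign the log is incomplete rather than that the machine is clean.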
03.03.2012, 20:05 | #3
Trojan found (Windows 7)
I have now let the full scan run through. Here is the result
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Alexander :: ALEX-PC [Administrator]

Schutz: Deaktiviert

03.03.2012 07:11:13
mbam-log-2012-03-03 (07-11-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342747
Laufzeit: 11 Stunde(n), 59 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Kind regards
Klecks
05.03.2012, 12:44 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found (Windows 7)
Please also run ESET; after that we'll see how to proceed: ESET Online Scanner
Please always post log files in CODE tags
08.03.2012, 20:13 | #5
Trojan found (Windows 7)
Hi Arne, I ran the ESET scan as you described. Here is the result.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=27f19886ff84fd47874d1eac88f15ad2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-08 10:11:36
# local_time=2012-03-08 11:11:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 34914208 34914208 0 0
# compatibility_mode=5893 16776573 100 94 116389 82802479 0 0
# compatibility_mode=8192 67108863 100 0 195931 195931 0 0
# scanned=696159
# found=2
# cleaned=2
# scan_time=30208
C:\$Recycle.Bin\S-1-5-21-1848404816-2837144999-1178208014-1001\$R4ZF18P.exe	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Adware.Toolbar.Dealio application (deleted - quarantined)	00000000000000000000000000000000	C
08.03.2012, 20:34 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found (Windows 7)
Custom scan with OTL
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
09.03.2012, 01:50 | #7
Trojan found (Windows 7)
Hello Arne, attached is the log from the OTL scan. Kind regards, Klecks
09.03.2012, 09:28 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found (Windows 7)
Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)
Note: If you obscured your user name, you have to turn the asterisked part back into your real user name, otherwise the script will not work!!
Code:
:OTL
FF - prefs.js..network.proxy.http: "88.198.182.215"
FF - prefs.js..network.proxy.http_port: 3128
IE - HKU\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 78.46.145.213:1080
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.10.06 16:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\Shell - "" = AutoRun
O33 - MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\Shell\AutoRun\command - "" = F:\Install.exe
[2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\pdfforge
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
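The first three lines of the fix script are the most telling entries in it: a manual HTTP proxy in Firefox's prefs.js and a ProxyServer value in the user's Internet Settings hive, both pointing at public addresses, which is exactly how a browser gets silently redirected. As an added example that is not part of the thread and not OTL's code, the Python script below reads a Firefox prefs.js excerpt and an IE ProxyServer string and flags any proxy that does not point at a loopback, private or link-local address (where a local filtering proxy would normally sit). The prefs.js excerpt and the IE values are constructed samples that reuse the two proxy addresses from the script above; the function names and the local-versus-public rule are my own, not a Mozilla or Microsoft API.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# One prefs.js line: user_pref("key", value);  value is a quoted string, int or bool
_PREF_RE = re.compile(r'^\s*user_pref\("(?P<key>[^"]+)",\s*(?P<val>.+?)\);\s*$')


def parse_prefs_js(text: str) -> Dict[str, object]:
    """Minimal prefs.js reader: strings, integers and booleans only."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group("key"), m.group("val").strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def classify_host(host: str) -> str:
    """'local' for loopback/private/link-local IPs, 'public' for routable IPs, 'name' for hostnames."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "name"
    return "local" if (ip.is_loopback or ip.is_private or ip.is_link_local) else "public"


def audit_firefox_prefs(text: str) -> List[str]:
    """Report non-local proxies in a prefs.js; network.proxy.type 1 = manual, 2 = PAC script."""
    prefs = parse_prefs_js(text)
    ptype = prefs.get("network.proxy.type")
    findings = []
    if ptype == 2 and "network.proxy.autoconfig_url" in prefs:
        findings.append(f"PAC script configured: {prefs['network.proxy.autoconfig_url']}")
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}")
        if not host:
            continue
        kind = classify_host(str(host))
        if kind != "local":
            port = prefs.get(f"network.proxy.{proto}_port", "?")
            state = "active" if ptype == 1 else "set but proxy type is not manual"
            findings.append(f"{proto} proxy {host}:{port} ({kind}, {state})")
    return findings


def parse_ie_proxy_server(value: str) -> List[Tuple[str, str, str]]:
    """Split an IE ProxyServer value into (protocol, host, port).
    Form A: 'host:port' for every protocol; form B: 'http=h:p;https=h:p;ftp=h:p;socks=h:p'."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, _, hp = part.partition("=") if "=" in part else ("all", "", part)
        host, _, port = hp.rpartition(":")
        if not host:            # no port given at all
            host, port = hp, "?"
        entries.append((proto, host, port))
    return entries


def audit_ie_proxy(proxy_server: str, proxy_enable: int = 1) -> List[str]:
    """Report non-local proxies in an IE ProxyServer value; ProxyEnable says whether it is in force."""
    findings = []
    for proto, host, port in parse_ie_proxy_server(proxy_server):
        kind = classify_host(host)
        if kind != "local":
            state = "active" if proxy_enable == 1 else "set but ProxyEnable=0"
            findings.append(f"{proto} proxy {host}:{port} ({kind}, {state})")
    return findings


# Constructed prefs.js excerpt: the HTTP proxy from the fix script above plus a
# loopback SSL proxy (constructed) that a local filter might legitimately set.
SAMPLE_PREFS = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "88.198.182.215");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
"""

if __name__ == "__main__":
    for f in audit_firefox_prefs(SAMPLE_PREFS) + audit_ie_proxy("78.46.145.213:1080"):
        print("-", f)
```

On a live machine you would feed `audit_firefox_prefs` the contents of the profile's prefs.js and `audit_ie_proxy` the `ProxyServer` and `ProxyEnable` values from `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`. A proxy pointing at a public IP with no PAC and no corporate policy behind it is the finding worth following up; a loopback proxy is usually a local AV or ad filter, which is why the script stays quiet about it.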
09.03.2012, 16:14 | #9
Trojan found (Windows 7)
Attached is the log from the last scan. Many thanks for your help!!!
Code:
All processes killed
========== OTL ==========
Prefs.js: "88.198.182.215" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
HKU\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found.
File move failed. D:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f207aed5-f338-11df-976b-0023125dfba3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f207aed5-f338-11df-976b-0023125dfba3}\ not found.
File F:\Install.exe not found.
C:\Users\xxx\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\xxx\AppData\Roaming\pdfforge folder moved successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: xxx
->Temp folder emptied: 1443176115 bytes
->Temporary Internet Files folder emptied: 86362564 bytes
->Java cache emptied: 5805909 bytes
->FireFox cache emptied: 799074626 bytes
->Flash cache emptied: 1226563 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136525243 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.358,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.36.1 log created on 03092012_160239

Files\Folders moved on Reboot...
File move failed. D:\Setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
10.03.2012, 16:05 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found (Windows 7)
Now please run (in normal Windows mode) this Kaspersky tool (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run the TDSS-Killer, since Avira in particular often reports a false alarm on the TDSS tool!
Configure the tool as shown in the image below: click on "change parameters" and set the checkmarks as shown in the following screenshot, then click "Start Scan" and, once it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer stores its logs.
Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags objects, treat them all with the action "skip" and only post the log here!
If, because of the infection, you cannot access your Documents/My Files, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool via right-click as administrator!
10.03.2012, 16:37 | #11
Trojan found (Windows 7)
Code:
ATTFilter 16:31:57.0331 428616 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39 16:31:59.0334 428616 ============================================================ 16:31:59.0335 428616 Current date / time: 2012/03/10 16:31:59.0334 16:31:59.0335 428616 SystemInfo: 16:31:59.0335 428616 16:31:59.0335 428616 OS Version: 6.1.7601 ServicePack: 1.0 16:31:59.0335 428616 Product type: Workstation 16:31:59.0335 428616 ComputerName: xxx-PC 16:31:59.0335 428616 UserName: xxx 16:31:59.0335 428616 Windows directory: C:\Windows 16:31:59.0335 428616 System windows directory: C:\Windows 16:31:59.0335 428616 Processor architecture: Intel x86 16:31:59.0335 428616 Number of processors: 2 16:31:59.0335 428616 Page size: 0x1000 16:31:59.0335 428616 Boot type: Normal boot 16:31:59.0335 428616 ============================================================ 16:32:02.0563 428616 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:32:02.0599 428616 \Device\Harddisk0\DR0: 16:32:02.0608 428616 GPT used 16:32:02.0658 428616 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {ED546C72-DB30-4F0E-A91D-BB2AD22FEA7E}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000 16:32:02.0658 428616 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {CD0B2831-753F-4AF4-8547-FEB222FC1796}, Name: Untitled, StartLBA 0x64028, BlocksNum 0xF000000 16:32:02.0658 428616 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D90D292A-E574-4C4A-AC7F-B29238165381}, Name: BOOTCAMP, StartLBA 0xF0A4800, BlocksNum 0xE121000 16:32:02.0658 428616 Initialize success 16:32:02.0658 428616 ============================================================ 16:33:00.0244 428956 ============================================================ 16:33:00.0244 428956 
Scan started 16:33:00.0244 428956 Mode: Manual; SigCheck; TDLFS; 16:33:00.0244 428956 ============================================================ 16:33:00.0305 428956 1394ohci - ok 16:33:00.0314 428956 ACPI - ok 16:33:00.0318 428956 AcpiPmi - ok 16:33:00.0329 428956 adp94xx - ok 16:33:00.0333 428956 adpahci - ok 16:33:00.0337 428956 adpu320 - ok 16:33:00.0358 428956 AFD - ok 16:33:00.0363 428956 agp440 - ok 16:33:00.0372 428956 aic78xx - ok 16:33:00.0392 428956 aliide - ok 16:33:00.0396 428956 amdagp - ok 16:33:00.0401 428956 amdide - ok 16:33:00.0405 428956 AmdK8 - ok 16:33:00.0409 428956 AmdPPM - ok 16:33:00.0414 428956 amdsata - ok 16:33:00.0419 428956 amdsbs - ok 16:33:00.0423 428956 amdxata - ok 16:33:00.0429 428956 AppID - ok 16:33:00.0467 428956 AppleBtBc - ok 16:33:00.0479 428956 AppleHFS - ok 16:33:00.0484 428956 AppleMNT - ok 16:33:00.0495 428956 applemtm - ok 16:33:00.0500 428956 applemtp - ok 16:33:00.0524 428956 arc - ok 16:33:00.0528 428956 arcsas - ok 16:33:00.0535 428956 AsyncMac - ok 16:33:00.0540 428956 atapi - ok 16:33:00.0637 428956 b06bdrv - ok 16:33:00.0650 428956 b57nd60x - ok 16:33:00.0679 428956 BCM43XX - ok 16:33:00.0688 428956 Beep - ok 16:33:00.0705 428956 blbdrive - ok 16:33:00.0736 428956 bowser - ok 16:33:00.0740 428956 BrFiltLo - ok 16:33:00.0746 428956 BrFiltUp - ok 16:33:00.0752 428956 Brserid - ok 16:33:00.0757 428956 BrSerWdm - ok 16:33:00.0761 428956 BrUsbMdm - ok 16:33:00.0766 428956 BrUsbSer - ok 16:33:00.0770 428956 BthEnum - ok 16:33:00.0775 428956 BTHMODEM - ok 16:33:00.0780 428956 BthPan - ok 16:33:00.0784 428956 BTHPORT - ok 16:33:00.0804 428956 BTHUSB - ok 16:33:00.0814 428956 cdfs - ok 16:33:00.0828 428956 cdrom - ok 16:33:00.0855 428956 circlass - ok 16:33:00.0861 428956 CLFS - ok 16:33:00.0889 428956 CmBatt - ok 16:33:00.0893 428956 cmdide - ok 16:33:00.0897 428956 CNG - ok 16:33:00.0904 428956 Compbatt - ok 16:33:00.0908 428956 CompositeBus - ok 16:33:00.0914 428956 crcdisk - ok 16:33:00.0925 428956 CSC - ok 
16:33:00.0942 428956 DfsC - ok 16:33:00.0955 428956 discache - ok 16:33:00.0974 428956 Disk - ok 16:33:01.0024 428956 drmkaud - ok 16:33:01.0048 428956 DrvAgent32 - ok 16:33:01.0053 428956 DXGKrnl - ok 16:33:01.0059 428956 ebdrv - ok 16:33:01.0070 428956 elxstor - ok 16:33:01.0076 428956 ErrDev - ok 16:33:01.0086 428956 exfat - ok 16:33:01.0090 428956 fastfat - ok 16:33:01.0115 428956 fdc - ok 16:33:01.0124 428956 FileInfo - ok 16:33:01.0128 428956 Filetrace - ok 16:33:01.0133 428956 flpydisk - ok 16:33:01.0138 428956 FltMgr - ok 16:33:01.0146 428956 FsDepends - ok 16:33:01.0150 428956 Fs_Rec - ok 16:33:01.0155 428956 fvevol - ok 16:33:01.0180 428956 gagp30kx - ok 16:33:01.0240 428956 GDBehave - ok 16:33:01.0257 428956 GDMnIcpt - ok 16:33:01.0299 428956 GdNetMon - ok 16:33:01.0312 428956 GDPkIcpt - ok 16:33:01.0348 428956 gdwfpcd - ok 16:33:01.0356 428956 GEARAspiWDM - ok 16:33:01.0379 428956 giveio - ok 16:33:01.0388 428956 GRD - ok 16:33:01.0408 428956 grmnusb - ok 16:33:01.0441 428956 hcw85cir - ok 16:33:01.0460 428956 HdAudAddService - ok 16:33:01.0470 428956 HDAudBus - ok 16:33:01.0474 428956 HidBatt - ok 16:33:01.0479 428956 HidBth - ok 16:33:01.0497 428956 HidIr - ok 16:33:01.0507 428956 HidUsb - ok 16:33:01.0545 428956 HookCentre - ok 16:33:01.0557 428956 HpSAMD - ok 16:33:01.0571 428956 HTTP - ok 16:33:01.0580 428956 hwpolicy - ok 16:33:01.0591 428956 i8042prt - ok 16:33:01.0600 428956 iaStorV - ok 16:33:01.0607 428956 iirsp - ok 16:33:01.0640 428956 inpout32 - ok 16:33:01.0656 428956 IntcAzAudAddService - ok 16:33:01.0660 428956 intelide - ok 16:33:01.0664 428956 intelppm - ok 16:33:01.0670 428956 IpFilterDriver - ok 16:33:01.0679 428956 IPMIDRV - ok 16:33:01.0684 428956 IPNAT - ok 16:33:01.0693 428956 IRENUM - ok 16:33:01.0711 428956 IRRemoteFlt - ok 16:33:01.0715 428956 isapnp - ok 16:33:01.0719 428956 iScsiPrt - ok 16:33:01.0741 428956 kbdclass - ok 16:33:01.0751 428956 kbdhid - ok 16:33:01.0755 428956 KeyAgent - ok 16:33:01.0788 428956 KeyMagic - ok 
16:33:01.0793 428956 KSecDD - ok 16:33:01.0797 428956 KSecPkg - ok 16:33:01.0851 428956 LHidFilt - ok 16:33:01.0865 428956 lltdio - ok 16:33:01.0877 428956 LMouFilt - ok 16:33:01.0885 428956 LSI_FC - ok 16:33:01.0889 428956 LSI_SAS - ok 16:33:01.0894 428956 LSI_SAS2 - ok 16:33:01.0898 428956 LSI_SCSI - ok 16:33:01.0909 428956 luafv - ok 16:33:01.0918 428956 MacHALDriver - ok 16:33:01.0940 428956 massfilter - ok 16:33:01.0980 428956 MBAMProtector - ok 16:33:01.0998 428956 mdf16 - ok 16:33:02.0002 428956 megasas - ok 16:33:02.0019 428956 MegaSR - ok 16:33:02.0026 428956 Modem - ok 16:33:02.0040 428956 monitor - ok 16:33:02.0054 428956 mouclass - ok 16:33:02.0060 428956 mouhid - ok 16:33:02.0070 428956 mountmgr - ok 16:33:02.0077 428956 mpio - ok 16:33:02.0080 428956 mpsdrv - ok 16:33:02.0086 428956 MRxDAV - ok 16:33:02.0092 428956 mrxsmb - ok 16:33:02.0096 428956 mrxsmb10 - ok 16:33:02.0100 428956 mrxsmb20 - ok 16:33:02.0105 428956 msahci - ok 16:33:02.0108 428956 msdsm - ok 16:33:02.0119 428956 Msfs - ok 16:33:02.0123 428956 mshidkmdf - ok 16:33:02.0128 428956 msisadrv - ok 16:33:02.0146 428956 MSKSSRV - ok 16:33:02.0152 428956 MSPCLOCK - ok 16:33:02.0156 428956 MSPQM - ok 16:33:02.0161 428956 MsRPC - ok 16:33:02.0168 428956 mssmbios - ok 16:33:02.0172 428956 MSTEE - ok 16:33:02.0176 428956 MTConfig - ok 16:33:02.0180 428956 Mup - ok 16:33:02.0185 428956 mvd23 - ok 16:33:02.0192 428956 NativeWifiP - ok 16:33:02.0200 428956 NDIS - ok 16:33:02.0204 428956 NdisCap - ok 16:33:02.0208 428956 NdisTapi - ok 16:33:02.0218 428956 Ndisuio - ok 16:33:02.0223 428956 NdisWan - ok 16:33:02.0227 428956 NDProxy - ok 16:33:02.0237 428956 Netaapl - ok 16:33:02.0243 428956 NetBIOS - ok 16:33:02.0247 428956 NetBT - ok 16:33:02.0280 428956 nfrd960 - ok 16:33:02.0287 428956 Npfs - ok 16:33:02.0312 428956 NRKCTL32 - ok 16:33:02.0318 428956 nsiproxy - ok 16:33:02.0324 428956 Ntfs - ok 16:33:02.0329 428956 Null - ok 16:33:02.0333 428956 NVENETFD - ok 16:33:02.0341 428956 nvlddmkm - ok 
16:33:02.0382 428956 NVNET - ok
16:33:02.0396 428956 nvraid - ok
16:33:02.0402 428956 nvsmu - ok
16:33:02.0407 428956 nvstor - ok
16:33:02.0441 428956 nv_agp - ok
16:33:02.0451 428956 ohci1394 - ok
16:33:02.0511 428956 Parport - ok
16:33:02.0517 428956 partmgr - ok
16:33:02.0524 428956 Parvdm - ok
16:33:02.0530 428956 pci - ok
16:33:02.0535 428956 pcidrv - ok
16:33:02.0539 428956 pciide - ok
16:33:02.0543 428956 pcmcia - ok
16:33:02.0548 428956 pcw - ok
16:33:02.0552 428956 PEAUTH - ok
16:33:02.0676 428956 PptpMiniport - ok
16:33:02.0681 428956 Processor - ok
16:33:02.0713 428956 Psched - ok
16:33:02.0728 428956 ql2300 - ok
16:33:02.0733 428956 ql40xx - ok
16:33:02.0740 428956 QWAVEdrv - ok
16:33:02.0746 428956 RasAcd - ok
16:33:02.0751 428956 RasAgileVpn - ok
16:33:02.0758 428956 Rasl2tp - ok
16:33:02.0778 428956 RasPppoe - ok
16:33:02.0783 428956 RasSstp - ok
16:33:02.0787 428956 rdbss - ok
16:33:02.0791 428956 rdpbus - ok
16:33:02.0796 428956 RDPCDD - ok
16:33:02.0802 428956 RDPDR - ok
16:33:02.0807 428956 RDPENCDD - ok
16:33:02.0814 428956 RDPREFMP - ok
16:33:02.0818 428956 RDPWD - ok
16:33:02.0822 428956 rdyboost - ok
16:33:02.0836 428956 RFCOMM - ok
16:33:02.0847 428956 RimUsb - ok
16:33:02.0865 428956 rspndr - ok
16:33:02.0869 428956 s3cap - ok
16:33:02.0875 428956 sbp2port - ok
16:33:02.0882 428956 scfilter - ok
16:33:02.0895 428956 secdrv - ok
16:33:02.0907 428956 Serenum - ok
16:33:02.0911 428956 Serial - ok
16:33:02.0916 428956 sermouse - ok
16:33:02.0927 428956 sffdisk - ok
16:33:02.0933 428956 sffp_mmc - ok
16:33:02.0937 428956 sffp_sd - ok
16:33:02.0941 428956 sfloppy - ok
16:33:02.0952 428956 sisagp - ok
16:33:02.0956 428956 SiSRaid2 - ok
16:33:02.0963 428956 SiSRaid4 - ok
16:33:02.0986 428956 Smb - ok
16:33:03.0029 428956 speedfan - ok
16:33:03.0033 428956 spldr - ok
16:33:03.0046 428956 srv - ok
16:33:03.0050 428956 srv2 - ok
16:33:03.0055 428956 srvnet - ok
16:33:03.0059 428956 sscdbus - ok
16:33:03.0088 428956 sscdmdfl - ok
16:33:03.0093 428956 sscdmdm - ok
16:33:03.0113 428956 StarOpen - ok
16:33:03.0134 428956 stexstor - ok
16:33:03.0153 428956 storflt - ok
16:33:03.0162 428956 storvsc - ok
16:33:03.0167 428956 swenum - ok
16:33:03.0195 428956 Tcpip - ok
16:33:03.0199 428956 TCPIP6 - ok
16:33:03.0206 428956 tcpipreg - ok
16:33:03.0212 428956 TDPIPE - ok
16:33:03.0219 428956 TDTCP - ok
16:33:03.0223 428956 tdx - ok
16:33:03.0229 428956 TermDD - ok
16:33:03.0270 428956 tssecsrv - ok
16:33:03.0292 428956 TsUsbFlt - ok
16:33:03.0303 428956 tunnel - ok
16:33:03.0307 428956 uagp35 - ok
16:33:03.0311 428956 udfs - ok
16:33:03.0323 428956 uliagpkx - ok
16:33:03.0326 428956 umbus - ok
16:33:03.0331 428956 UmPass - ok
16:33:03.0342 428956 USBAAPL - ok
16:33:03.0373 428956 usbaudio - ok
16:33:03.0378 428956 usbccgp - ok
16:33:03.0382 428956 usbcir - ok
16:33:03.0386 428956 usbehci - ok
16:33:03.0394 428956 usbhub - ok
16:33:03.0398 428956 usbohci - ok
16:33:03.0415 428956 usbprint - ok
16:33:03.0432 428956 usbscan - ok
16:33:03.0440 428956 USBSTOR - ok
16:33:03.0449 428956 usbuhci - ok
16:33:03.0457 428956 usbvideo - ok
16:33:03.0476 428956 usb_rndisx - ok
16:33:03.0487 428956 vdrvroot - ok
16:33:03.0497 428956 vga - ok
16:33:03.0501 428956 VgaSave - ok
16:33:03.0505 428956 vhdmp - ok
16:33:03.0513 428956 viaagp - ok
16:33:03.0517 428956 ViaC7 - ok
16:33:03.0530 428956 viaide - ok
16:33:03.0534 428956 vmbus - ok
16:33:03.0538 428956 VMBusHID - ok
16:33:03.0542 428956 volmgr - ok
16:33:03.0547 428956 volmgrx - ok
16:33:03.0551 428956 volsnap - ok
16:33:03.0555 428956 vsmraid - ok
16:33:03.0562 428956 vwifibus - ok
16:33:03.0568 428956 vwififlt - ok
16:33:03.0573 428956 vwifimp - ok
16:33:03.0583 428956 WacomPen - ok
16:33:03.0587 428956 WANARP - ok
16:33:03.0591 428956 Wanarpv6 - ok
16:33:03.0617 428956 Wd - ok
16:33:03.0621 428956 Wdf01000 - ok
16:33:03.0638 428956 WfpLwf - ok
16:33:03.0643 428956 WIMMount - ok
16:33:03.0674 428956 WinUsb - ok
16:33:03.0680 428956 WmiAcpi - ok
16:33:03.0699 428956 ws2ifsl - ok
16:33:03.0713 428956 WudfPf - ok
16:33:03.0717 428956 WUDFRd - ok
16:33:03.0735 428956 ZTEusbmdm6k - ok
16:33:03.0756 428956 ZTEusbnmea - ok
16:33:03.0761 428956 ZTEusbser6k - ok
16:33:03.0809 428956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:33:03.0974 428956 \Device\Harddisk0\DR0 - ok
16:33:03.0983 428956 Boot (0x1200) (f00df79ecae519202bdeea2c1431628d) \Device\Harddisk0\DR0\Partition0
16:33:03.0983 428956 \Device\Harddisk0\DR0\Partition0 - ok
16:33:03.0991 428956 Boot (0x1200) (be06d81fa7b7e864a0249b11a07c1b83) \Device\Harddisk0\DR0\Partition1
16:33:03.0992 428956 \Device\Harddisk0\DR0\Partition1 - ok
16:33:04.0003 428956 Boot (0x1200) (5836c6d9dade5451c99c3aa2a7366c36) \Device\Harddisk0\DR0\Partition2
16:33:04.0004 428956 \Device\Harddisk0\DR0\Partition2 - ok
16:33:04.0007 428956 ============================================================
16:33:04.0007 428956 Scan finished
16:33:04.0007 428956 ============================================================
16:33:04.0021 428692 Detected object count: 0
16:33:04.0021 428692 Actual detected object count: 0
10.03.2012, 16:49 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found (Windows 7)
Then please run CF now: ComboFix: A Guide and Tutorial on Using ComboFix
ComboFix may only be run if a Kompetenzler (board helper) has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags
11.03.2012, 16:40 | #13 |
Trojan found (Windows 7)
Hi Arne, I have done everything. However, I think the BKA trojan is still there. I am supposed to make a payment of 100 euros. How should I proceed now?
11.03.2012, 17:32 | #14 |
Trojan found (Windows 7)
OTL scan in Safe Mode. OTL logfile:
Code:
OTL logfile created on: 11.03.2012 17:20:09 - Run 2
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Xxx\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,73 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 71,02% Memory free
5,72 Gb Paging File | 4,97 Gb Available in Paging File | 86,83% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,56 Gb Total Space | 27,95 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS
Computer Name: XXX-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Xxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll ()
========== Win32 Services (SafeList) ==========
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (OracleIRMServiceHost) -- C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe (Oracle Corporation)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe ()
SRV - (GDFwSvc) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (SZDrvSvc) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (Clarus, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVKService) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\Programme\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (ZTEusbser6k) -- File not found
DRV - (ZTEusbnmea) -- File not found
DRV - (ZTEusbmdm6k) -- File not found
DRV - (pcidrv) -- File not found
DRV - (NRKCTL32) -- File not found
DRV - (massfilter) -- File not found
DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (AppleBtBc) -- C:\Windows\System32\drivers\AppleBtBc.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (mvd23) -- C:\Programme\Clarus\Samsung Drive Manager\mvd23.sys ()
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (mdf16) -- C:\Programme\Clarus\Samsung Drive Manager\mdf16.sys ()
DRV - (applemtp) -- C:\Windows\System32\drivers\applemtp.sys (Apple Inc.)
DRV - (applemtm) -- C:\Windows\System32\drivers\applemtm.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (inpout32) -- C:\Windows\System32\drivers\inpout32.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FF AB 64 2C BB CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.07 18:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 15:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 08:15:16 | 000,000,000 | ---D | M]
[2010.06.16 00:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions
[2012.03.08 20:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions
[2012.03.08 20:11:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.22 21:40:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.30 14:29:21 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\vshare@toolbar
[2011.01.26 20:35:46 | 000,001,583 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\searchplugins\web-search.xml
[2012.01.12 20:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.04 16:57:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.10 23:06:54 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2010.06.16 00:48:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.02.18 15:12:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.20 20:34:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.13 09:15:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.13 09:15:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.13 09:15:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.13 09:15:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.13 09:15:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.13 09:15:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.03.09 16:07:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksaxxxHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 55639 = C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46DDFED6-86B2-4FAE-85D9-CAFFBEAFCEA1}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE968AA3-33BA-4C65-B600-D5EA456BF8B1}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27CDFD0-3662-4EE2-8C47-60EF2B9256DA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.03.05 16:57:06 | 000,000,120 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.03.11 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\kodak
[2012.03.11 16:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.03.10 19:17:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.10 19:17:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.10 19:17:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.10 19:16:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.10 19:16:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.03.10 19:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.10 19:15:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.03.09 16:02:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.09 01:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.09 01:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.09 01:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.09 01:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.09 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.03.07 02:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.03.05 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2012.03.05 21:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle IRM Desktop
[2012.03.05 21:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.03.05 21:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2012.03.05 21:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.04 16:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.04 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.02 08:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.02 01:52:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Simply Super Software
[2012.03.02 01:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.02 01:45:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2012.03.02 01:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.02 01:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.02 01:45:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.02 01:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.24 10:53:13 | 000,000,000 | R--D | C] -- C:\Users\Xxx\Documents\Scanned Documents
[2012.02.24 10:53:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Fax
[2012.02.22 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2012.02.22 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA
[2012.02.22 00:24:01 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Facebook
[2012.02.18 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\froot
[2012.02.14 20:18:54 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\FUnny bilder
[2012.02.13 21:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
========== Files - Modified Within 30 Days ==========
[2012.03.11 17:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.11 17:18:11 | 2195,533,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:12:17 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.11 17:12:17 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.11 17:12:17 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.11 17:12:17 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.11 16:08:34 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.11 16:08:29 | 000,000,500 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.03.11 16:08:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.03.11 14:39:04 | 000,576,446 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.03.11 14:39:04 | 000,037,755 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 00:03:57 | 000,023,081 | ---- | M] () -- C:\Users\Xxx\Desktop\xxx-788975.jpeg
[2012.03.09 16:07:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.03.09 01:11:12 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.04 17:51:13 | 000,311,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.04 16:56:32 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:45:04 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.21 16:45:23 | 000,135,811 | ---- | M] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:25 | 000,045,496 | ---- | M] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:45 | 000,083,102 | ---- | M] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:18:56 | 000,035,355 | ---- | M] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.13 22:14:22 | 1298,727,936 | ---- | M] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.12 15:40:07 | 000,086,289 | ---- | M] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | M] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
========== Files Created - No Company Name ==========
[2012.03.11 00:03:55 | 000,023,081 | ---- | C] () -- C:\Users\Xxx\Desktop\xxx-788975.jpeg
[2012.03.10 19:17:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.10 19:17:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.10 19:17:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.10 19:17:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.10 19:17:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.09 01:11:12 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.07 02:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.03.04 16:56:32 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:52:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.02 01:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.02 01:52:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.02 01:52:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.02 01:45:04 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.22 00:24:06 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.02.22 00:24:03 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.02.21 16:45:23 | 000,135,811 | ---- | C] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:23 | 000,045,496 | ---- | C] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:37 | 000,083,102 | ---- | C] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:17:09 | 1298,727,936 | ---- | C] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.13 22:14:48 | 000,035,355 | ---- | C] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.12 15:40:04 | 000,086,289 | ---- | C] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | C] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
[2012.02.08 20:53:41 | 000,009,355 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\Microsoft Excel 97-2003.EML
[2012.02.08 20:53:38 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.06 15:56:00 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.13 19:10:05 | 000,576,446 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.08.15 17:34:40 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2011.06.09 07:31:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.03 11:24:35 | 000,000,000 | ---- | C] () -- C:\Users\Xxx\AppData\Local\{3849004C-4B43-4279-AA42-2985BB089C82}
[2011.04.06 07:53:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.12.09 14:22:35 | 000,004,608 | ---- | C] () -- C:\Users\Xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.04 13:12:01 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.12.04 13:12:01 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.06 01:50:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.10.06 01:50:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.18 12:56:14 | 000,000,017 | ---- | C] () -- C:\Users\Xxx\AppData\Local\resmon.resmoncfg
[2010.07.12 23:01:47 | 000,138,056
| ---- | C] () -- C:\Users\Xxx\AppData\Roaming\PnkBstrK.sys [2010.07.12 23:01:47 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.12 23:01:17 | 000,218,808 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.07.12 23:01:16 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010.07.12 23:01:16 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.06.23 17:14:55 | 000,100,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.06.20 15:38:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.06.20 15:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.06.19 17:37:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.06.16 01:09:08 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2010.06.07 16:47:34 | 000,258,142 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin ========== LOP Check ========== [2010.11.22 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoft [2010.11.22 13:16:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.26 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\EventGhost [2012.02.18 23:16:30 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\froot [2010.07.01 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GARMIN [2010.12.09 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GetRightToGo [2012.03.04 17:48:34 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\ICQ [2010.07.17 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Leadertech [2010.08.19 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Octoshape [2012.03.05 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Oracle [2010.11.19 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Program Files [2010.06.20 15:38:49 | 000,000,000 | 
---D | M] -- C:\Users\Xxx\AppData\Roaming\Samsung [2012.03.02 01:52:20 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software [2010.08.29 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TS3Client [2010.07.17 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TuneUp Software [2011.05.26 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\uICE [2010.07.16 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Uniblue [2012.02.07 12:23:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Xerox [2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job [2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job [2012.01.01 23:56:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
P.S. I use Boot Camp, with G Data Internet Security 2012 as firewall and antivirus program. Which additional tools should I still get? So far I had no problems with viruses... Unfortunately it has been piling up in the last few weeks. |
11.03.2012, 17:44 | #15 |
| Trojan found (Windows 7) I have just combed through old posts. I followed the recommendations described there. Here are the OTL scans, Extras and normal. Normal: OTL Logfile: Code:
OTL logfile created on: 11.03.2012 17:37:32 - Run 2 OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Xxx\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,73 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 75,33% Memory free 5,72 Gb Paging File | 5,12 Gb Available in Paging File | 89,44% Paging File free Paging file location(s): C:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 112,56 Gb Total Space | 27,89 Gb Free Space | 24,77% Space Free | Partition Type: NTFS Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS Drive G: | 596,17 Gb Total Space | 578,74 Gb Free Space | 97,08% Space Free | Partition Type: NTFS Computer Name: ALEX-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Xxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll () MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL () MOD - C:\Programme\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (OracleIRMServiceHost) -- C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe (Oracle Corporation) SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe () SRV - (GDFwSvc) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) SRV - (SZDrvSvc) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (Clarus, Inc.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVKService) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.) SRV - (Pharos Systems ComTaskMaster) -- C:\Programme\PharosSystems\Core\CTskMstr.exe (Pharos Systems International) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- File not found DRV - (ZTEusbnmea) -- File not found DRV - (ZTEusbmdm6k) -- File not found DRV - (pcidrv) -- File not found DRV - (NRKCTL32) -- File not found DRV - (massfilter) -- File not found DRV - (catchme) -- File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG) DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G 
Data Software AG) DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.) DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.) DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.) DRV - (AppleBtBc) -- C:\Windows\System32\drivers\AppleBtBc.sys (Apple Inc.) DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.) DRV - (mvd23) -- C:\Programme\Clarus\Samsung Drive Manager\mvd23.sys () DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (mdf16) -- C:\Programme\Clarus\Samsung Drive Manager\mdf16.sys () DRV - (applemtp) -- C:\Windows\System32\drivers\applemtp.sys (Apple Inc.) DRV - (applemtm) -- C:\Windows\System32\drivers\applemtm.sys (Apple Inc.) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.) 
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation) DRV - (inpout32) -- C:\Windows\System32\drivers\inpout32.sys (Highresolution Enterprises [www.highrez.co.uk]) DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FF AB 64 2C BB CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.07 18:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 15:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 08:15:16 | 000,000,000 | ---D | M] [2010.06.16 00:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions [2012.03.11 17:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions [2012.03.08 20:11:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2010.07.22 21:40:34 | 000,000,000 | ---D | M] ("DVDVideoSoft 
Menu") -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.30 14:29:21 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\vshare@toolbar [2011.01.26 20:35:46 | 000,001,583 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\searchplugins\web-search.xml [2012.01.12 20:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.04 16:57:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.01.10 23:06:54 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2010.06.16 00:48:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2012.02.18 15:12:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.20 20:34:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.05.13 09:15:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.13 09:15:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.05.13 09:15:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.13 09:15:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.13 09:15:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.13 09:15:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.03.09 16:07:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksaxxxHO.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O4 - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.) 
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 55639 = C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46DDFED6-86B2-4FAE-85D9-CAFFBEAFCEA1}: DhcpNameServer = 10.111.81.129 10.129.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE968AA3-33BA-4C65-B600-D5EA456BF8B1}: DhcpNameServer = 80.58.61.250 80.58.61.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27CDFD0-3662-4EE2-8C47-60EF2B9256DA}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2011.03.05 16:57:06 | 000,000,120 | ---- | M] () - G:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.11 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\kodak [2012.03.11 16:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings [2012.03.10 19:17:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.03.10 19:17:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.03.10 19:17:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.03.10 19:16:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.03.10 19:16:37 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.03.10 19:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.03.10 19:15:16 | 000,000,000 | --SD | 
C] -- C:\32788R22FWJFW
[2012.03.09 16:02:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.09 01:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.09 01:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.09 01:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.09 01:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.09 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.03.07 02:36:21 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.03.07 02:36:19 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.03.07 02:36:19 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2012.03.07 02:36:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.03.07 02:36:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.03.07 02:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.03.05 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2012.03.05 21:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle IRM Desktop
[2012.03.05 21:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.03.05 21:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2012.03.05 21:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.04 16:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.04 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.02 08:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.02 01:52:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Simply Super Software
[2012.03.02 01:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.02 01:52:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.02 01:45:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2012.03.02 01:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.02 01:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.02 01:45:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.02 01:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.24 10:53:13 | 000,000,000 | R--D | C] -- C:\Users\Xxx\Documents\Scanned Documents
[2012.02.24 10:53:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Fax
[2012.02.22 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2012.02.22 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA
[2012.02.22 00:24:01 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Facebook
[2012.02.18 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\froot
[2012.02.16 00:17:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.16 00:17:47 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.16 00:17:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.16 00:17:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.16 00:17:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.16 00:17:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.15 12:38:49 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.15 12:22:09 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.02.14 20:18:54 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\FUnny bilder
[2012.02.13 21:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

========== Files - Modified Within 30 Days ==========

[2012.03.11 17:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.11 17:18:11 | 2195,533,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 17:12:17 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.11 17:12:17 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.11 17:12:17 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.11 17:12:17 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.11 16:08:34 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.11 16:08:29 | 000,000,500 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.03.11 16:08:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.03.11 14:39:04 | 000,576,446 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.03.11 14:39:04 | 000,037,755 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 00:03:57 | 000,023,081 | ---- | M] () -- C:\Users\Xxx\Desktop\deutsche bank-788975.jpeg
[2012.03.09 16:07:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.03.09 15:27:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.09 01:11:12 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.04 17:51:13 | 000,311,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.04 16:56:32 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:45:04 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.21 16:45:23 | 000,135,811 | ---- | M] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:25 | 000,045,496 | ---- | M] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:45 | 000,083,102 | ---- | M] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:18:56 | 000,035,355 | ---- | M] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.13 22:14:22 | 1298,727,936 | ---- | M] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.12 15:40:07 | 000,086,289 | ---- | M] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | M] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk

========== Files Created - No Company Name ==========

[2012.03.11 00:03:55 | 000,023,081 | ---- | C] () -- C:\Users\Xxx\Desktop\deutsche bank-788975.jpeg
[2012.03.10 19:17:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.10 19:17:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.10 19:17:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.10 19:17:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.10 19:17:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.09 01:11:12 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.07 02:36:30 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.03.07 02:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.03.04 16:56:32 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.02 01:52:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.02 01:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.02 01:52:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.02 01:52:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.02 01:45:04 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.22 00:24:06 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.02.22 00:24:03 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.02.21 16:45:23 | 000,135,811 | ---- | C] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf
[2012.02.20 17:55:23 | 000,045,496 | ---- | C] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg
[2012.02.16 21:58:37 | 000,083,102 | ---- | C] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg
[2012.02.13 22:17:09 | 1298,727,936 | ---- | C] () -- C:\Users\Xxx\Desktop\outlook.ost
[2012.02.13 22:14:48 | 000,035,355 | ---- | C] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG
[2012.02.12 15:40:04 | 000,086,289 | ---- | C] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg
[2012.02.11 20:46:18 | 000,001,229 | ---- | C] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk
[2012.02.08 20:53:41 | 000,009,355 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\Microsoft Excel 97-2003.EML
[2012.02.08 20:53:38 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.06 15:56:00 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.13 19:10:05 | 000,576,446 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.08.15 17:34:40 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2011.06.09 07:31:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.03 11:24:35 | 000,000,000 | ---- | C] () -- C:\Users\Xxx\AppData\Local\{3849004C-4B43-4279-AA42-2985BB089C82}
[2011.04.06 07:53:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.12.09 14:22:35 | 000,004,608 | ---- | C] () -- C:\Users\Xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.04 13:12:01 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.12.04 13:12:01 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.06 01:50:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.10.06 01:50:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.18 12:56:14 | 000,000,017 | ---- | C] () -- C:\Users\Xxx\AppData\Local\resmon.resmoncfg
[2010.07.12 23:01:47 | 000,138,056 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\PnkBstrK.sys
[2010.07.12 23:01:47 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.12 23:01:17 | 000,218,808 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.12 23:01:16 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.07.12 23:01:16 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.06.23 17:14:55 | 000,100,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.06.20 15:38:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.06.20 15:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.06.19 17:37:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.06.16 01:09:08 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.06.07 16:47:34 | 000,258,142 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

========== LOP Check ==========

[2010.11.22 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoft
[2010.11.22 13:16:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.26 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\EventGhost
[2012.02.18 23:16:30 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\froot
[2010.07.01 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GARMIN
[2010.12.09 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GetRightToGo
[2012.03.04 17:48:34 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\ICQ
[2010.07.17 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Leadertech
[2010.08.19 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Octoshape
[2012.03.05 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Oracle
[2010.11.19 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Program Files
[2010.06.20 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Samsung
[2012.03.02 01:52:20 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software
[2010.08.29 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TS3Client
[2010.07.17 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TuneUp Software
[2011.05.26 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\uICE
[2010.07.16 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Uniblue
[2012.02.07 12:23:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Xerox
[2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
[2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
[2012.01.01 23:56:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras OTL Logfile:

Code:
OTL Extras logfile created on: 11.03.2012 17:37:32 - Run 2
OTL by OldTimer - Version 3.2.36.1     Folder = C:\Users\Xxx\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,73 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 75,33% Memory free
5,72 Gb Paging File | 5,12 Gb Available in Paging File | 89,44% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,56 Gb Total Space | 27,89 Gb Free Space | 24,77% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS
Drive G: | 596,17 Gb Total Space | 578,74 Gb Free Space | 97,08% Space Free | Partition Type: NTFS

Computer Name: XXX-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09D25025-D7A2-47BA-99D4-3147DDD2D4A5}" = Oracle IRM Desktop
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58D335B6-B3C6-4465-AEC3-6442BC323723}" = SharpKeys
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp-Dienste
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM)
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows-Treiberpaket - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"07170A155D5587C8782EABA10E94E4127A86F6E4" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
"0A8E69CB2299FB82BA54D1D4C0F3B1810146DBAB" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)
"111E266FDD1556398EFC13BE47678F96E8497682" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows-Treiberpaket - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows-Treiberpaket - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"20CF1F4786CB13A83CD2EC358929609A9B7A205C" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows-Treiberpaket - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"2E2B6DCC02509BB8D2629A009DE8B5C3055B6779" = Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"44E2556E81BCB991055DD976642491906DD3B8A0" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"4B114013DDC5858DB929CE55F363AB88CDE1F78C" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5405F83664E016638462F8F8C1DAE59D04942778" = Windows-Treiberpaket - Apple Inc. Bluetooth (11/23/2009 3.0.0.4)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows-Treiberpaket - Intel Net (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows-Treiberpaket - Intel Net (07/22/2008 10.3.45.0)
"680D5EED614F3F01A9AD4547E9D81CFE9B0E4902" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26)
"68446A4387EFABF44AE4C69CC9B6F9EDF8F10D7A" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows-Treiberpaket - Intel Net (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows-Treiberpaket - Intel Net (08/05/2008 10.3.49.0)
"7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21)
"7-Zip" = 7-Zip 9.20
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"950F5FEDF7BEABD19AAE5CEA69570873BE2A99DA" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows-Treiberpaket - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"9AA5295F27284963423D072C7FC59D57CDE15ACA" = Windows-Treiberpaket - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows-Treiberpaket - Intel Net (06/13/2008 9.52.9.0)
"A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"A7A7D84907D2DCB34930D77C6BA911E3834C1E34" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AEB482706002E9220FBFB86D4A1D24257F71A3D4" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows-Treiberpaket - Intel (e1express) Net (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"B9491C5C199D7236FCDCB76367922461FADC80C7" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
"BeCyPDFMetaEdit" = BeCyPDFMetaEdit
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"CD6212024668E03491C257CA53617893F2E8E924" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CFC3D985EA69596C8BE0A30313010FCC8CE2C70F" = Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DE32692B1421420518B0CA8EEDD6DF2A494F279F" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"DivX Setup.divx.com" = DivX-Setup
"DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
"DriverAgent.exe" = DriverAgent by eSupport.com
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows-Treiberpaket - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
"ESET Online Scanner" = ESET Online Scanner v3
"EventGhost_is1" = EventGhost 0.3.7.r1462
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows-Treiberpaket - Apple Inc. System (08/22/2008 2.1.1.1)
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"F46F6C2CF86ECDFF2CE25B508923B04E2F23F1CE" = Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 2.2.9
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Game Booster_is1" = Game Booster
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MyTomTom" = MyTomTom 3.1.0.530
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pharos" = Pharos
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShapeCollage" = Shape Collage
"sp6" = Logitech SetPoint 6.32
"SpeedFan" = SpeedFan (remove only)
"STANDARDR" = Microsoft Office Standard 2007
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trojan Remover_is1" = Trojan Remover 6.8.3
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.10.2011 17:19:02 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1099479

Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1100478

Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1100478

Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1101492

Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1101492

Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1102490

Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1102490

[ OSession Events ]
Error - 27.02.2012 10:42:16 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

Error - 28.02.2012 06:20:17 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 95 seconds with 0 seconds of active time. This session ended with a crash.

Error - 28.02.2012 06:21:13 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash.

Error - 28.02.2012 12:57:00 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 39 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01.03.2012 04:17:26 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 44 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01.03.2012 09:02:20 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 71 seconds with 60 seconds of active time. This session ended with a crash.

Error - 01.03.2012 09:02:53 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01.03.2012 09:04:14 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 66 seconds with 60 seconds of active time. This session ended with a crash.

Error - 01.03.2012 09:05:21 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time. This session ended with a crash.
Error - 05.03.2012 07:26:01 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 54271 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > |