OnlineBanking gesperrt....

OnlineBankin · 06.03.2012, 16:27

Hallo,

Mein OnlineBanking wurde eben von meiner Bank gesperrt.

Grund:
Nach dem Einloggen im OnlineBanking kam ich nicht, wie gewöhnlich zu meiner Kontenübersicht, sondern sollte aus Sicherheitsgründen persönliche Daten und Daten zu meiner EC-Karte eingeben. Da die Seite aber nicht gut gemacht war (z.B. Fehlende verlinkungen hinter den Buttons) habe ich mich mit meiner Bank in Verbindung gesetzt....Die konnten mir nur sagen, das es ein Trojaner bei mir auf dem Rechner ist, aber nicht was für einer und wie ich den wieder los werde.

Ich habe es schon mit HighJackThis probiert, aber das Logfile hat mir nichts kritisches ausgeworfen. Daher habe ich es nun mit der OLT.exe probiert und stelle euch das Logfile zur Verfügung, in der Hoffnung, dass ihr da mehr drin erkennen könnt als ich.

Vielen Dank!!!

Code:

ATTFilter

OTL logfile created on: 06.03.2012 16:10:02 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\*****\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,73 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 35,51% Memory free
7,47 Gb Paging File | 4,99 Gb Available in Paging File | 66,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 83,51 Gb Free Space | 56,03% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 67,14 Gb Free Space | 45,16% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\NetBeans 6.9.1\bin\netbeans.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WinClientShellExtensionContextMenu\1.0.0.30__9fb6a8250b54c137\WinClientShellExtensionContextMenu.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ClientExecuteUtils\1.0.0.13__0364d91cd0218e60\ClientExecuteUtils.dll ()
MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NetBeans 6.9.1\platform\lib\nbexec.dll ()
MOD - C:\Program Files (x86)\NetBeans 6.9.1\bin\netbeans.exe ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.DEU ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 C3 2D 7C F0 62 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=53BF302F-2432-40EC-9897-6FD187B20AD2&apn_sauid=8DD55EDB-75F3-48DF-A7BD-1FC461DEBE47
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.25 13:59:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.23 23:05:00 | 000,000,000 | ---D | M]
 
[2010.10.06 07:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.03.02 18:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n3yzjcer.default\extensions
[2012.03.02 18:57:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n3yzjcer.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.06.10 20:36:32 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n3yzjcer.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.15 11:29:46 | 000,002,567 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n3yzjcer.default\searchplugins\askcom.xml
[2011.07.07 05:49:52 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n3yzjcer.default\searchplugins\icqplugin.xml
[2012.03.02 18:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.11 22:24:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.11 13:05:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.14 19:26:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.06 05:32:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.06 05:32:10 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.06 05:32:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.06 05:32:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.06 05:32:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.19 12:35:37 | 000,000,900 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 	172.16.8.236	b70.informatik.fh-gelsenkirchen.de
O1 - Hosts: 	172.16.8.198	docuware
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20C0BD2E-72CA-4C18-91A5-E783CF3B64F7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F994295-490B-4284-B9AE-879AFEDEB7C1}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77022656-7965-484C-9ECD-5A11C554512F}: DhcpNameServer = 192.168.100.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C75D6B1-2F51-4DDC-AA84-75D16169DD14}: DhcpNameServer = 172.16.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A821F04C-CA70-4048-A754-862DB94F0A18}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1de11be2-b23d-11e0-99af-002318394b89}\Shell - "" = AutoRun
O33 - MountPoints2\{1de11be2-b23d-11e0-99af-002318394b89}\Shell\AutoRun\command - "" = F:\Start.bat
O33 - MountPoints2\{5e0330fb-d15c-11df-887b-0026b6e96a99}\Shell - "" = AutoRun
O33 - MountPoints2\{5e0330fb-d15c-11df-887b-0026b6e96a99}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5e033104-d15c-11df-887b-0026b6e96a99}\Shell - "" = AutoRun
O33 - MountPoints2\{5e033104-d15c-11df-887b-0026b6e96a99}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{97cf6600-6721-11e0-93d0-002318394b89}\Shell - "" = AutoRun
O33 - MountPoints2\{97cf6600-6721-11e0-93d0-002318394b89}\Shell\AutoRun\command - "" = F:\Start.bat
O33 - MountPoints2\{c00593e6-cedf-11df-a403-d70ef6811c85}\Shell - "" = AutoRun
O33 - MountPoints2\{c00593e6-cedf-11df-a403-d70ef6811c85}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d29babe2-e5df-11e0-80ca-0026b6e96a99}\Shell - "" = AutoRun
O33 - MountPoints2\{d29babe2-e5df-11e0-80ca-0026b6e96a99}\Shell\AutoRun\command - "" = G:\PdtStart.exe
O33 - MountPoints2\{eb98e995-d621-11df-ac18-0026b6e96a99}\Shell - "" = AutoRun
O33 - MountPoints2\{eb98e995-d621-11df-ac18-0026b6e96a99}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.06 16:08:52 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.03.06 15:49:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.03.06 15:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.06 15:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.06 15:48:58 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.06 15:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.06 15:47:42 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.06 15:39:44 | 002,405,664 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HousecallLauncher64.exe
[2012.03.06 15:38:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\backups
[2012.03.06 15:22:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2012.03.05 20:45:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Beispiele
[2012.03.05 13:41:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ocxyufa
[2012.03.05 13:41:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Imcisai
[2012.03.04 12:56:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MOVAVI
[2012.03.04 12:43:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.03.04 12:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.04 12:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.03.02 18:57:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Garmin
[2012.02.29 14:45:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\SwingExcerises
[2012.02.29 14:44:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\SourceCode
[2012.02.26 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sun
[2012.02.24 21:49:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ISY
[2012.02.16 15:10:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Medion-NB
[2012.02.16 14:25:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\toshiba
[2012.02.16 13:15:08 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.16 13:14:51 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.16 13:14:51 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.16 13:14:47 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.16 13:14:34 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.02.16 13:14:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.16 13:14:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.16 13:14:33 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.16 13:14:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.16 13:14:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.16 13:14:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 20:12:43 | 000,035,008 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\drivers\PGEffect.sys
[2012.02.15 20:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2012.02.15 20:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA
[2012.02.15 20:06:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2012.02.15 20:06:37 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.02.15 20:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.15 20:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.02.15 20:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.02.10 12:01:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TempDIR
[2012.02.06 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\musik
[2012.02.06 11:45:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.10.16 11:21:39 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010.10.16 11:21:39 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010.10.16 11:21:39 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files (x86)\Common Files\sapconsr3.dll
[2010.10.16 11:21:39 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
[4 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.06 16:08:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.03.06 16:08:48 | 000,000,120 | ---- | M] () -- C:\Users\***\Desktop\oB7C92_D.htm.part.htm
[2012.03.06 15:51:52 | 000,853,787 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache
[2012.03.06 15:50:16 | 000,112,711 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache
[2012.03.06 15:48:59 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.06 15:47:58 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.06 15:39:59 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.03.06 15:39:48 | 002,405,664 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HousecallLauncher64.exe
[2012.03.06 15:23:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2012.03.06 12:13:15 | 001,507,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.06 12:13:15 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.06 12:13:15 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.06 12:13:15 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.06 12:13:15 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.06 08:20:51 | 000,014,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 08:20:51 | 000,014,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 08:12:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.06 08:12:02 | 3007,647,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.06 00:55:44 | 000,000,110 | ---- | M] () -- C:\Users\***\AppData\Roaming\GoodnightTimer.ini
[2012.03.05 21:12:47 | 002,050,494 | ---- | M] () -- C:\Users\***\Desktop\Teil2.pdf
[2012.03.05 21:12:40 | 002,818,436 | ---- | M] () -- C:\Users\***\Desktop\Teil1.pdf
[2012.03.05 20:45:33 | 000,006,128 | ---- | M] () -- C:\Users\***\Desktop\Editor.zip
[2012.03.05 20:04:53 | 000,258,015 | ---- | M] () -- C:\Users\***\Desktop\editor.jar
[2012.03.05 19:43:20 | 000,114,103 | ---- | M] () -- C:\Users\***\Desktop\Netbeans-Ereignisse.jpg
[2012.03.04 12:56:54 | 000,005,082 | ---- | M] () -- C:\ProgramData\ojobkspa.ako
[2012.03.04 12:43:35 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.03 11:22:59 | 005,247,422 | ---- | M] () -- C:\Users\***\Desktop\Video_00007.wmv
[2012.03.03 11:09:37 | 001,934,960 | ---- | M] () -- C:\Users\***\Desktop\Video_00003.wmv
[2012.03.03 11:09:01 | 000,044,564 | ---- | M] () -- C:\Users\***\Desktop\Photo_00004.jpg
[2012.03.03 11:08:46 | 000,045,058 | ---- | M] () -- C:\Users\***\Desktop\Photo_00003.jpg
[2012.03.03 11:06:07 | 005,774,228 | ---- | M] () -- C:\Users\***\Desktop\Video_00002.wmv
[2012.03.01 23:05:36 | 001,704,654 | ---- | M] () -- C:\Users\***\Desktop\017.JPG
[2012.03.01 23:05:36 | 001,464,298 | ---- | M] () -- C:\Users\***\Desktop\177.JPG
[2012.03.01 19:15:52 | 000,017,648 | ---- | M] () -- C:\Users\***\Desktop\MTG77242205_60_20120229.pdf
[2012.02.29 14:40:06 | 001,142,515 | ---- | M] () -- C:\Users\***\Desktop\Grafik-Progammierung mit Java Swing (Beispiele).zip
[2012.02.28 16:58:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.02.25 17:16:58 | 000,002,104 | ---- | M] () -- C:\Users\***\Desktop\NetBeans IDE 6.9.1.lnk
[2012.02.18 08:34:42 | 000,420,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 16:08:35 | 000,000,120 | ---- | C] () -- C:\Users\***\Desktop\oB7C92_D.htm.part.htm
[2012.03.06 15:51:52 | 000,853,787 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache
[2012.03.06 15:50:16 | 000,112,711 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache
[2012.03.06 15:48:59 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.06 15:39:59 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.03.05 21:12:40 | 002,818,436 | ---- | C] () -- C:\Users\***\Desktop\Teil1.pdf
[2012.03.05 20:45:32 | 000,006,128 | ---- | C] () -- C:\Users\***\Desktop\Editor.zip
[2012.03.05 20:04:53 | 000,258,015 | ---- | C] () -- C:\Users\***\Desktop\editor.jar
[2012.03.05 19:43:19 | 000,114,103 | ---- | C] () -- C:\Users\***\Desktop\Netbeans-Ereignisse.jpg
[2012.03.04 14:24:50 | 002,050,494 | ---- | C] () -- C:\Users\***\Desktop\Teil2.pdf
[2012.03.04 12:56:54 | 000,005,082 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2012.03.04 12:55:40 | 136,077,824 | ---- | C] () -- C:\Users\***\Desktop\P1000014.MOV
[2012.03.04 12:43:35 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.03 11:25:02 | 000,045,058 | ---- | C] () -- C:\Users\***\Desktop\Photo_00003.jpg
[2012.03.03 11:25:02 | 000,044,564 | ---- | C] () -- C:\Users\***\Desktop\Photo_00004.jpg
[2012.03.03 11:24:42 | 001,934,960 | ---- | C] () -- C:\Users\***\Desktop\Video_00003.wmv
[2012.03.03 11:24:41 | 005,774,228 | ---- | C] () -- C:\Users\***\Desktop\Video_00002.wmv
[2012.03.03 11:24:40 | 005,247,422 | ---- | C] () -- C:\Users\***\Desktop\Video_00007.wmv
[2012.03.01 23:05:36 | 001,704,654 | ---- | C] () -- C:\Users\***\Desktop\017.JPG
[2012.03.01 23:05:36 | 001,464,298 | ---- | C] () -- C:\Users\***\Desktop\177.JPG
[2012.03.01 19:15:52 | 000,017,648 | ---- | C] () -- C:\Users\***\Desktop\MTG77242205_60_20120229.pdf
[2012.02.29 14:40:09 | 001,142,515 | ---- | C] () -- C:\Users\***\Desktop\Grafik-Progammierung mit Java Swing (Beispiele).zip
[2012.02.25 17:16:58 | 000,002,104 | ---- | C] () -- C:\Users\***\Desktop\NetBeans IDE 6.9.1.lnk
[2012.02.23 23:05:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.12.01 14:30:01 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.07 12:18:44 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011.05.11 17:54:21 | 000,000,702 | ---- | C] () -- C:\Users\***\AppData\Roaming\DocuWare.Wrapper.DW4Client.dll.config
[2011.04.29 12:49:17 | 000,000,043 | ---- | C] () -- C:\Windows\docuware.ini
[2011.04.09 12:33:56 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.03.21 21:22:53 | 000,000,110 | ---- | C] () -- C:\Users\***\AppData\Roaming\GoodnightTimer.ini
[2011.01.09 17:14:55 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2010.10.16 11:21:39 | 000,955,904 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010.10.16 11:21:39 | 000,949,760 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010.10.16 11:21:01 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2010.10.16 11:21:01 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2010.10.16 11:21:01 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2010.10.16 11:21:01 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2010.10.16 11:21:01 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2010.10.16 11:20:43 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\vtssm32.dll
[2010.07.28 20:08:46 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.07.28 20:08:44 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.07.28 20:08:42 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.07.28 19:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.07.28 19:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 06.03.2012 16:10:02 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\****\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,73 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 35,51% Memory free
7,47 Gb Paging File | 4,99 Gb Available in Paging File | 66,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 83,51 Gb Free Space | 56,03% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 67,14 Gb Free Space | 45,16% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{64A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java(TM) SE Development Kit 6 Update 11 (64-bit)
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PRJPROR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.VISIOR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPROR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PRJPROR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PRJPROR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.VISIOR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PRJPROR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.VISIOR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.VISIOR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-1000-0000000FF1CE}_Office14.VISIOR_{1F29ED16-958F-4278-B8DD-5F421E1166DA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.VISIOR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-1000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8388E8B0-3DC3-4A7B-9EE0-FCBB1C3363F6}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{68245C0F-ADED-4CFE-A433-641D1DA0C1AA}" = DocuWare eLearning-Trainings
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{DAD2B9D2-385F-4E80-8A12-2901F3F75392}" = DocuWare 5 Client
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"agorum core Windows Client" = agorum core Windows Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"FreePDF_XP" = FreePDF (Remove only)
"Goodnight Timer_is1" = Goodnight Timer 1.1
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GPL Ghostscript 9.02" = GPL Ghostscript
"IrfanView" = IrfanView (remove only)
"Liferay Social Office 1.5b" = Liferay Social Office 1.5b
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"nbi-glassfish-mod-3.0.1.22.0" = GlassFish Server Open Source Edition 3.0.1
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"OpenVPN" = OpenVPN 2.1.4
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI 7.10
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 2.0.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ARIS Express 2.3" = ARIS Express 2.3
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.03.2012 07:59:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.03.2012 07:59:38 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.03.2012 07:59:39 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.03.2012 07:59:45 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe,
 Version: 1.32.4.0, Zeitstempel: 0x4f2166d3  Name des fehlerhaften Moduls: igdumd32.dll,
 Version: 8.15.10.2189, Zeitstempel: 0x4c509af8  Ausnahmecode: 0xc0000409  Fehleroffset:
 0x00016776  ID des fehlerhaften Prozesses: 0xa4c  Startzeit der fehlerhaften Anwendung:
 0x01ccf9fe4741b3ac  Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\igdumd32.dll  Berichtskennung: 886f92d8-65f1-11e1-b493-002318394b89
 
Error - 04.03.2012 07:59:57 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.03.2012 07:59:59 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.03.2012 08:00:01 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe,
 Version: 1.32.4.0, Zeitstempel: 0x4f2166d3  Name des fehlerhaften Moduls: igdumd32.dll,
 Version: 8.15.10.2189, Zeitstempel: 0x4c509af8  Ausnahmecode: 0xc0000409  Fehleroffset:
 0x00016776  ID des fehlerhaften Prozesses: 0xa44  Startzeit der fehlerhaften Anwendung:
 0x01ccf9fe52ce42e6  Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\igdumd32.dll  Berichtskennung: 9202467b-65f1-11e1-b493-002318394b89
 
Error - 04.03.2012 13:28:29 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 05.03.2012 03:24:37 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.03.2012 03:12:24 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 03.03.2012 05:37:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management
 Service" wurde nicht richtig gestartet.
 
Error - 04.03.2012 06:46:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management
 Service" wurde nicht richtig gestartet.
 
Error - 04.03.2012 13:29:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management
 Service" wurde nicht richtig gestartet.
 
Error - 04.03.2012 13:31:57 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 05.03.2012 03:25:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management
 Service" wurde nicht richtig gestartet.
 
Error - 05.03.2012 03:27:16 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 06.03.2012 03:13:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management
 Service" wurde nicht richtig gestartet.
 
Error - 06.03.2012 03:14:39 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 06.03.2012 10:41:52 | Computer Name = ***-PC | Source = bowser | ID = 8016
Description = 
 
Error - 06.03.2012 10:41:59 | Computer Name = ***-PC | Source = bowser | ID = 8016
Description = 
 
 
< End of report >

markusg · 06.03.2012, 16:31

hi
öffne malwarebytes, berichte poste alle bisher erstellten logs

OnlineBankin · 06.03.2012, 16:44

Malwarbytes hat bei dem schnellenScan nichts gefunden....
Beim intensiven Scan kam dies heraus:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Schroeder :: ***-PC [Administrator]

Schutz: Aktiviert

06.03.2012 15:56:07
mbam-log-2012-03-06 (16-42-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207102
Laufzeit: 43 Minute(n), 19 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Schroeder\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Keine Aktion durchgeführt.

(Ende)

markusg · 06.03.2012, 16:58

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

OnlineBankin · 06.03.2012, 18:05

hier nun das LogFile aus ComboFix:

Code:

ATTFilter

ComboFix 12-03-04.02 - *** 06.03.2012  17:49:57.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3824.2004 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90E84236-04C9-4FCE-8A8C-746F64BAC31C}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C2B3FF7D-1F38-4AEC-AD4A-2555D264929E}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CFDA6994-7708-4A11-9A84-13A5E4AB2530}.xps
c:\users\***\AppData\Local\TempDIR
c:\users\***\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\***\Documents\~WRL0156.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-06 bis 2012-03-06  ))))))))))))))))))))))))))))))
.
.
2012-03-06 16:55 . 2012-03-06 16:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-06 16:37 . 2012-03-06 16:37	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2012-03-06 16:31 . 2012-01-31 07:56	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-06 16:31 . 2012-01-31 07:56	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-06 16:31 . 2011-09-16 15:08	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-06 16:31 . 2012-03-06 16:31	--------	d-----w-	c:\programdata\Avira
2012-03-06 16:31 . 2012-03-06 16:31	--------	d-----w-	c:\program files (x86)\Avira
2012-03-06 14:49 . 2012-03-06 14:49	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-03-06 14:48 . 2012-03-06 14:48	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-06 14:48 . 2012-03-06 14:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-06 14:48 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-06 07:18 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE48E158-1852-4E2F-A5AE-E06E7972C16C}\mpengine.dll
2012-03-05 12:41 . 2012-03-06 14:13	--------	d-----w-	c:\users\***\AppData\Roaming\Ocxyufa
2012-03-05 12:41 . 2012-03-05 12:41	--------	d-----w-	c:\users\***\AppData\Roaming\Imcisai
2012-03-04 11:56 . 2012-03-04 11:56	--------	d-----w-	c:\users\***\AppData\Roaming\MOVAVI
2012-03-04 11:43 . 2012-03-04 11:44	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2012-03-04 11:43 . 2012-03-04 11:43	--------	d-----w-	c:\program files (x86)\VideoLAN
2012-03-02 17:57 . 2012-03-02 17:57	--------	d-----w-	c:\users\***\AppData\Roaming\Garmin
2012-02-16 13:25 . 2012-02-16 13:25	--------	d-----w-	c:\users\***\AppData\Roaming\toshiba
2012-02-16 12:15 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-16 12:15 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-15 19:12 . 2009-06-22 16:06	35008	----a-w-	c:\windows\system32\drivers\PGEffect.sys
2012-02-15 19:12 . 2012-02-15 19:12	--------	d-----w-	c:\program files (x86)\TOSHIBA
2012-02-15 19:06 . 2012-03-03 11:05	--------	d-----w-	c:\users\***\AppData\Roaming\Skype
2012-02-15 19:06 . 2012-02-15 19:06	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-02-15 19:06 . 2012-02-15 19:06	--------	d-----r-	c:\program files (x86)\Skype
2012-02-15 19:06 . 2012-02-15 19:06	--------	d-----w-	c:\programdata\Skype
2012-02-06 10:45 . 2012-02-06 10:45	--------	d-----w-	c:\users\***\AppData\Roaming\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 15:58 . 2011-06-27 20:43	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-10-03 12:42	279656	------w-	c:\windows\system32\MpSigStub.exe
2009-10-07 07:46 . 2010-10-16 10:21	626688	----a-w-	c:\program files (x86)\Common Files\sapconsaccess.dll
2009-10-07 07:46 . 2010-10-16 10:21	40960	----a-w-	c:\program files (x86)\Common Files\DigitalSignature.ocx
2009-10-07 07:46 . 2010-10-16 10:21	3145728	----a-w-	c:\program files (x86)\Common Files\sapxlhelper.dll
2009-10-07 07:46 . 2010-10-16 10:21	192512	----a-w-	c:\program files (x86)\Common Files\sapconsr3.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\desk4web]
@="{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}"
[HKEY_CLASSES_ROOT\CLSID\{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}]
2010-11-05 01:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 910208]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"172.16.8.236,255.255.255.255,192.168.234.51,1"=""
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2009-08-20 259440]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\desk4web]
@="{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}"
[HKEY_CLASSES_ROOT\CLSID\{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"172.16.8.236,255.255.255.255,192.168.234.51,1"=""
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.ask.com?o=15788&l=dis
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n3yzjcer.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Liferay Social Office 1.5b - c:\liferay\Social Office 1.5b\bin\uninstall.exe
AddRemove-ARIS Express 2.3 - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-06  18:02:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-06 17:02
.
Vor Suchlauf: 14 Verzeichnis(se), 88.963.969.024 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 89.824.333.824 Bytes frei
.
- - End Of File - - 5D8AB4103CBA64CA4BDECB6D3E36B90D

markusg · 06.03.2012, 18:30

hi
*** durch nutzernamen ersetzen damit es funktioniert

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL

 :Files
c:\users\***\AppData\Roaming\Ocxyufa
c:\users\***\AppData\Roaming\Imcisai
c:\users\***\AppData\Roaming\MOVAVI
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

OnlineBankin · 06.03.2012, 18:46

so, der Upload hat erfolgreich geklappt

und hier ist das LogFile:

Code:

ATTFilter

All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: ***
->Flash cache emptied: 101860 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 270897 bytes
->Temporary Internet Files folder emptied: 89457445 bytes
->Java cache emptied: 164145092 bytes
->FireFox cache emptied: 118127360 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102360 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 355,00 mb
 
 
OTL by OldTimer - Version 3.2.35.1 log created on 03062012_183726

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

markusg · 06.03.2012, 18:51

sieht nicht so aus als hättest du das ganze script kopiert.
es geht los mit :OTL bis zur reboot zeile, *** durch nutzernamen ersetzen wie gesagt nicht vergessen

OnlineBankin · 06.03.2012, 19:00

hmmm, ich hab den gesamten Inhalt der Textdatei gepostet (bzw. nochmal in überarbeiter Form oben hinzugefügt), der nach dem Reboot angezeigt worden ist. Der ist so...und fängt nicht mit :OTL an

(((

Oder sollte ich das nochmal ein OTL-Scan durchführen?

markusg · 06.03.2012, 19:10

dann anders
wieder *** durch nutzernamen ersetzen

start programme zubehör editor reinkopieren.
killall::
Folder::
c:\users\***\AppData\Roaming\Ocxyufa
c:\users\***\AppData\Roaming\Imcisai
c:\users\***\AppData\Roaming\MOVAVI

datei speichern unter, typ alle dateien, ort, dort wo sich combofix.exe befindet, typ alle dateien, name:
cfscript.txt
ziehe cfscript auf combofix, programm startet log posten.

OnlineBankin · 06.03.2012, 19:33

hier das neue Log-File vom ComboFix:

Code:

ATTFilter

ComboFix 12-03-04.02 - *** 06.03.2012  19:21:53.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3824.2631 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\cfscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\Imcisai
c:\users\***\AppData\Roaming\Imcisai\idubsi.exe
c:\users\***\AppData\Roaming\MOVAVI
c:\users\***\AppData\Roaming\MOVAVI\MainLog\mainlog2.log
c:\users\***\AppData\Roaming\MOVAVI\MainLog\sys_info.txt
c:\users\***\AppData\Roaming\Ocxyufa
c:\users\***\AppData\Roaming\Ocxyufa\hyeqyx.oft
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-06 bis 2012-03-06  ))))))))))))))))))))))))))))))
.
.
2012-03-06 18:26 . 2012-03-06 18:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-06 17:37 . 2012-03-06 17:43	--------	d-----w-	C:\_OTL
2012-03-06 14:49 . 2012-03-06 14:49	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-03-06 14:48 . 2012-03-06 14:48	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-06 14:48 . 2012-03-06 14:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-06 14:48 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-06 07:18 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE48E158-1852-4E2F-A5AE-E06E7972C16C}\mpengine.dll
2012-03-04 11:43 . 2012-03-04 11:44	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2012-03-04 11:43 . 2012-03-04 11:43	--------	d-----w-	c:\program files (x86)\VideoLAN
2012-03-02 17:57 . 2012-03-02 17:57	--------	d-----w-	c:\users\***\AppData\Roaming\Garmin
2012-02-16 13:25 . 2012-02-16 13:25	--------	d-----w-	c:\users\***\AppData\Roaming\toshiba
2012-02-16 12:15 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-16 12:15 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-15 19:12 . 2009-06-22 16:06	35008	----a-w-	c:\windows\system32\drivers\PGEffect.sys
2012-02-15 19:12 . 2012-02-15 19:12	--------	d-----w-	c:\program files (x86)\TOSHIBA
2012-02-15 19:06 . 2012-03-03 11:05	--------	d-----w-	c:\users\***\AppData\Roaming\Skype
2012-02-15 19:06 . 2012-02-15 19:06	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-02-15 19:06 . 2012-02-15 19:06	--------	d-----r-	c:\program files (x86)\Skype
2012-02-15 19:06 . 2012-02-15 19:06	--------	d-----w-	c:\programdata\Skype
2012-02-06 10:45 . 2012-02-06 10:45	--------	d-----w-	c:\users\***\AppData\Roaming\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 15:58 . 2011-06-27 20:43	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-10-03 12:42	279656	------w-	c:\windows\system32\MpSigStub.exe
2009-10-07 07:46 . 2010-10-16 10:21	626688	----a-w-	c:\program files (x86)\Common Files\sapconsaccess.dll
2009-10-07 07:46 . 2010-10-16 10:21	40960	----a-w-	c:\program files (x86)\Common Files\DigitalSignature.ocx
2009-10-07 07:46 . 2010-10-16 10:21	3145728	----a-w-	c:\program files (x86)\Common Files\sapxlhelper.dll
2009-10-07 07:46 . 2010-10-16 10:21	192512	----a-w-	c:\program files (x86)\Common Files\sapconsr3.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-06_16.57.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-03 11:52 . 2012-03-06 17:42	51848              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-06 17:42	33606              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-03 11:19 . 2012-03-06 17:42	15484              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1589883488-2376610187-1100701142-1000_UserData.bin
+ 2010-10-03 10:52 . 2012-03-06 18:27	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-03 10:52 . 2012-03-06 16:56	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-03 10:52 . 2012-03-06 18:27	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-03 10:52 . 2012-03-06 16:56	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-06 18:27	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 16:56	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-03 14:08 . 2012-03-06 16:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-03 14:08 . 2012-03-06 18:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-03 14:08 . 2012-03-06 18:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-03 14:08 . 2012-03-06 16:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-06 18:27 . 2012-03-06 18:27	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-06 16:56 . 2012-03-06 16:56	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-06 18:27 . 2012-03-06 18:27	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-06 16:56 . 2012-03-06 16:56	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-06 11:13	619146              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-06 17:43	619146              c:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2012-03-06 11:13	657910              c:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2012-03-06 17:43	657910              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-03-06 17:43	107466              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-06 11:13	107466              c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-03-06 11:13	131250              c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-03-06 17:43	131250              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-03-06 16:55	392496              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-06 18:26	392496              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\desk4web]
@="{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}"
[HKEY_CLASSES_ROOT\CLSID\{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}]
2010-11-05 01:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 910208]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"172.16.8.236,255.255.255.255,192.168.234.51,1"=""
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2009-08-20 259440]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\desk4web]
@="{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}"
[HKEY_CLASSES_ROOT\CLSID\{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"172.16.8.236,255.255.255.255,192.168.234.51,1"=""
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.ask.com?o=15788&l=dis
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n3yzjcer.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-06  19:32:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-06 18:32
ComboFix2.txt  2012-03-06 17:02
.
Vor Suchlauf: 19 Verzeichnis(se), 90.550.685.696 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 90.451.685.376 Bytes frei
.
- - End Of File - - 2DC678B978328A1CEB4BE82A8934FAD5

markusg · 06.03.2012, 19:50

das ging.
öffne mal computer, c: qoobox.
rechtsklick quarantain, ebenfalls packen und wie moved files hochladen.

OnlineBankin · 06.03.2012, 19:56

Quarantine.zip hab ich erfolgreich hochgeladen

markusg · 06.03.2012, 20:01

danke.
also, du hast den zbot trojaner.
das sicherste wäre es hier, komplett neu aufzusetzen.
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf einen externen Datenträger (USB-Platte): http://www.trojaner-board.de/82533-d...ted-magic.html
Bider, Dokumente, Musik, Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neuinstallieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
Recovery CD oder Recovery Partition?
falls dies ein Fertig-PC ist, nenne Hersteller + Typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

OnlineBankin · 06.03.2012, 20:08

Danke, dann weiß ich bescheid

06.03.2012, 16:31	#2
markusg /// Malware-holic	OnlineBanking gesperrt.... hi öffne malwarebytes, berichte poste alle bisher erstellten logs __________________ __________________

OnlineBanking gesperrt....

Log-Analyse und Auswertung: OnlineBanking gesperrt....