Probleme mit div. Trojanern, z.B. Sirefref.AG.35

Euphorbio · 24.06.2012, 22:23

Hallo,

Avira hat auf meinem Notebook per Echtzeitscanner 2 Viren festgestellt. Ich habe auf "Entfernen" gedrückt, Avira hat "repariert", kurz drauf aber stellt Avira erneut 2 Viren fest usw usw. Avira ist also anscheinend machtlos.

Dann habe ich per Malwarebytes-Scan weitere Viren/Trojaner entdeckt. Malwarebytes hat diese in die Quarantäne verschoben. Ob die nun beseitigt sind oder nicht, weiß ich nicht, Avira meldet auf jeden Fall laufend neue Viren.
Ich habe den Malwarebyte-Bericht angehängt und danach nochmals Maleware scannen lassen. Auch den zweiten Bericht habe ich angehängt.

Ich bin mir übrigens keiner "Schuld" bewusst, soll heißen, dass ich wissentlich keine Anhänge mir unbekannter Mails geöffnet habe etc. Mein Router fungiert gleichzeitig als Firewall, Avira läuft als Anti-Viren-Programm und die Windows-Firewall (Win7) ist aktiv. Bzw. hier liegt auch ein Problem: Sie war aktiv, ich jedenfalls habe sie nie deaktiviert, aktuell aber lässt sie sich nicht in die von Windows empfohlenen Einstellungen versetzen (vermutlich durch die Viren/Trojaner).

Zu folgenden Viren/Trojanern habe ich Warn-Meldungen erhalten:
- Sirefref.AG.35
- Atrapas.Gen2
- Small/Fl
- Crypt.Gypikon.C.3
- Inject.EP
- Crypted.Gen
- Frame.apf.6

Im Nachgang habe ich mich dann bei Google und hier auf Trojaner-Board nach den Viren gesucht, bin auf diverse Beiträge gestoßen, jedoch habe ich leider nichts im Sinne einer Lösung gefunden - daher nun dieser Post meinerseits.

Defogger hat keine Meldung ausgegeben, ich gehe also davon aus, dass diesbezüglich alles ok ist.

OTL hat bei mir nur die otl.txt erzeugt, diese folgt ein Stückchen weiter unten (und angehängt).

Die gmer.txt ist ebenfalls angehängt, ebenso wie der Report von Avira.

So, nun hoffe ich, dass ich alles ausführlich genug und richtig beschrieben habe und noch mehr hoffe ich auf Hilfe! Ganz vielen Dank dafür schonmal im Voraus!

Schönen Gruß,
Euphorbio

ab hier folgt die otl.txt
...........................................

OTL logfile created on: 22.06.2012 20:43:15 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Mathias\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,98 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 63,02% Memory free
5,95 Gb Paging File | 4,58 Gb Available in Paging File | 76,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,21 Gb Total Space | 104,82 Gb Free Space | 53,70% Space Free | Partition Type: NTFS
Drive D: | 89,78 Gb Total Space | 77,50 Gb Free Space | 86,33% Space Free | Partition Type: NTFS

Computer Name: MATHIAS-SAM | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.22 20:42:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Downloads\OTL.exe
PRC - [2012.06.20 18:16:31 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.06.14 19:15:39 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.08 18:49:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:49:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:49:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:49:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.09 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2011.09.01 19:12:16 | 000,010,848 | ---- | M] (DATEV eG) -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.10 00:52:40 | 012,002,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe
PRC - [2011.04.24 01:33:18 | 042,872,672 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.25 16:01:40 | 002,253,176 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.26 19:10:19 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2010.04.03 11:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.04.03 11:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.03.26 04:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2010.03.05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.03.05 09:46:22 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010.03.05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2010.01.19 11:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Programme\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009.10.13 19:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.09.12 21:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.09.07 19:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.06.24 09:22:00 | 002,518,528 | ---- | M] (Option) -- C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
PRC - [2009.05.04 16:49:20 | 000,545,792 | ---- | M] (OptionNV) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2009.05.03 15:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2008.05.29 10:16:22 | 000,327,680 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy ALS Manager\EasyALSManager.exe
PRC - [2007.10.29 12:14:07 | 001,593,344 | ---- | M] (AGFEO) -- C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
PRC - [2007.10.29 12:07:48 | 001,626,112 | ---- | M] (AGFEO ) -- C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tksock.exe
PRC - [2007.09.26 20:57:01 | 000,118,784 | ---- | M] (AGFEO ) -- C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.20 18:16:30 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 19:15:39 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.10 00:52:42 | 002,748,416 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS5\libmysqld.dll
MOD - [2011.06.10 00:52:42 | 000,073,728 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS5\Symlib.dll
MOD - [2009.06.24 09:22:00 | 000,077,824 | ---- | M] () -- C:\Programme\Option\GlobeTrotter Connect\custom.dll
MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009.02.27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2006.05.12 13:49:58 | 000,020,480 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia_xport.dll
MOD - [2006.05.12 13:49:55 | 000,020,480 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia_serial.dll
MOD - [2006.05.12 13:49:51 | 000,028,672 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia_lib.dll
MOD - [2005.04.26 09:10:51 | 000,061,440 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite-Basic\tools\styles\qwindowsxpstyle.dll
MOD - [2005.04.26 09:10:18 | 004,005,888 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite-Basic\tools\qt-mt334.dll
MOD - [2003.07.11 02:09:28 | 000,048,192 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn -- (Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn)
SRV - File not found [On_Demand | Stopped] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices.Messaging.CentralMessagingService -- (Datev.Framework.RemoteServices.Messaging.CentralMessagingService)
SRV - File not found [On_Demand | Stopped] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -- (Datev.Framework.RemoteServices)
SRV - File not found [Auto | Running] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -- (Datev.Framework.RemoteServiceModel.EnablerService)
SRV - File not found [On_Demand | Stopped] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 -- (Datev.Database.Conserve)
SRV - [2012.06.20 18:16:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.14 19:15:39 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.08 18:49:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 18:49:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.09 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011.07.25 03:49:00 | 000,172,640 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- D:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.04.24 01:33:20 | 000,367,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2011.04.24 01:33:18 | 042,872,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2011.02.07 16:27:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.25 16:01:40 | 002,253,176 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$DATEV_CL_DE01) SQL Server (DATEV_CL_DE01)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.07.25 21:04:12 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.26 19:10:19 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2010.04.03 11:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.04.03 11:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.04.03 11:56:08 | 000,044,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.03.26 04:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$DATEV_CL_DE01) SQL Server-Volltextsuche (DATEV_CL_DE01)
SRV - [2010.03.05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.03.05 09:45:22 | 000,227,600 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.03.05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.05.04 16:49:20 | 000,545,792 | ---- | M] (OptionNV) [Auto | Running] -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2009.05.03 15:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012.05.08 18:49:50 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:49:50 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.13 21:48:16 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.08.13 19:27:41 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel(R)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.26 19:10:19 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010.04.03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010.03.17 22:21:16 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.03 11:29:10 | 001,436,560 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2009.06.27 06:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.06.25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.05.13 15:57:46 | 000,066,560 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009.05.13 15:56:46 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009.05.13 15:56:24 | 000,107,520 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 71 EF 6D E4 FB CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7D41AECD-AE0B-45A3-98A3-4BB32531D019}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {c75a27d8-4529-449f-b67b-aba65d7a1c0a}:0.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.20 18:16:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 09:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.17 20:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.07.26 20:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2010.07.26 20:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.19 11:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\dna7torf.default\extensions
[2011.01.11 18:37:22 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\dna7torf.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012.04.26 15:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.19 11:39:48 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.01.23 10:11:19 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DNA7TORF.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.05.17 10:32:12 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DNA7TORF.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.20 18:16:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.13 17:25:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.14 09:48:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 09:48:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.14 09:48:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 09:48:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 09:48:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 09:48:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk = C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe (Option)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27BFD403-7C17-461D-889C-F931E9BD8BBF}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AA65866-DE09-466E-9FB8-0499465A0EB6}: NameServer = 0.0.0.0
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.22 17:28:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012.06.22 17:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.22 17:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.22 17:27:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.22 17:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.19 12:55:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Wasserleitung-Schmidsfelden
[2012.06.19 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.06.19 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.06.19 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.06.19 11:39:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.15 09:06:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Macromedia
[2012.06.14 15:31:05 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Fontviewer
[2012.05.24 00:46:44 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Seminar Rückschnitt 09+10+11
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.22 20:41:37 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\defogger_reenable
[2012.06.22 20:37:58 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 20:37:58 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 20:29:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.22 20:29:06 | 2399,023,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.22 20:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.22 17:59:28 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.06.22 17:27:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.22 13:15:10 | 000,000,013 | ---- | M] () -- C:\AktProjektAdresse.csr
[2012.06.21 16:41:14 | 000,001,456 | ---- | M] () -- C:\Users\Mathias\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.06.21 13:16:07 | 000,860,104 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.21 13:16:07 | 000,798,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.21 13:16:07 | 000,209,568 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.21 13:16:07 | 000,172,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.21 12:41:44 | 032,563,200 | ---- | M] () -- C:\Users\Mathias\Desktop\DatenPflege+Statistik.mdb
[2012.06.20 13:44:44 | 006,389,005 | ---- | M] () -- C:\Users\Mathias\Desktop\landingpage-seo-1.1.1.pdf
[2012.06.20 13:35:58 | 003,249,630 | ---- | M] () -- C:\Users\Mathias\Desktop\GooglePlus_Local_Guide2012.pdf
[2012.06.15 11:35:41 | 000,002,093 | ---- | M] () -- C:\Users\Mathias\Desktop\Neue Fotos.lnk
[2012.06.14 18:27:31 | 003,838,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 09:50:04 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.06.13 09:26:22 | 000,080,697 | ---- | M] () -- C:\Users\Mathias\Desktop\Christmann - Bosch Koch Röttgen UZ 320-Entw Stand 27.04.2012_Fragen_Röttgen.pdf
[2012.06.12 13:35:38 | 002,611,047 | ---- | M] () -- C:\Users\Mathias\Desktop\pinterest_fuer_unternehmen_marketing_guide_v1.pdf
[2012.06.07 09:56:47 | 000,000,132 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.06.06 22:21:40 | 000,267,406 | ---- | M] () -- C:\Users\Mathias\Desktop\Auftragsimport DD-Shipments 5.3 DE.pdf
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.22 20:41:37 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\defogger_reenable
[2012.06.22 20:32:55 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{61ca803e-5469-d304-2e83-941e5afd86ac}\U\800000cb.@
[2012.06.22 20:32:54 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{61ca803e-5469-d304-2e83-941e5afd86ac}\U\80000000.@
[2012.06.22 20:32:52 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{61ca803e-5469-d304-2e83-941e5afd86ac}\U\00000001.@
[2012.06.22 17:27:54 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.20 13:42:30 | 006,389,005 | ---- | C] () -- C:\Users\Mathias\Desktop\landingpage-seo-1.1.1.pdf
[2012.06.20 13:34:50 | 003,249,630 | ---- | C] () -- C:\Users\Mathias\Desktop\GooglePlus_Local_Guide2012.pdf
[2012.06.15 11:35:21 | 000,002,093 | ---- | C] () -- C:\Users\Mathias\Desktop\Neue Fotos.lnk
[2012.06.13 09:17:42 | 000,080,697 | ---- | C] () -- C:\Users\Mathias\Desktop\Christmann - Bosch Koch Röttgen UZ 320-Entw Stand 27.04.2012_Fragen_Röttgen.pdf
[2012.06.12 13:35:37 | 002,611,047 | ---- | C] () -- C:\Users\Mathias\Desktop\pinterest_fuer_unternehmen_marketing_guide_v1.pdf
[2012.06.06 22:21:31 | 000,267,406 | ---- | C] () -- C:\Users\Mathias\Desktop\Auftragsimport DD-Shipments 5.3 DE.pdf
[2012.06.06 18:04:25 | 000,196,608 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012.01.17 18:43:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{61ca803e-5469-d304-2e83-941e5afd86ac}\@
[2012.01.17 18:43:46 | 000,002,048 | -HS- | C] () -- C:\Users\Mathias\AppData\Local\{61ca803e-5469-d304-2e83-941e5afd86ac}\@
[2011.11.22 22:47:27 | 000,000,028 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\PhonerLitesettings.ini
[2011.10.30 17:57:56 | 000,004,705 | ---- | C] () -- C:\Users\Mathias\AppData\Local\EmptySettings.xml
[2011.10.30 17:43:29 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.10.30 13:50:58 | 000,014,680 | ---- | C] () -- C:\Windows\System32\skypdfmonpro.dll
[2011.10.30 13:50:58 | 000,012,632 | ---- | C] () -- C:\Windows\System32\skypdfmonuipro.dll
[2011.10.30 13:28:54 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.10.30 13:23:20 | 000,000,109 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.10.30 13:18:50 | 000,000,110 | ---- | C] () -- C:\Windows\Startup.INI
[2011.08.18 11:25:19 | 000,323,072 | ---- | C] () -- C:\Windows\System32\Rar.exe
[2011.07.04 18:43:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.18 19:50:03 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.05.18 19:46:06 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.03.21 08:51:25 | 000,167,936 | ---- | C] () -- C:\Windows\System32\pyrobatchcontrol.dll
[2011.03.21 08:51:25 | 000,090,112 | ---- | C] () -- C:\Windows\System32\StrStorage.dll
[2011.03.21 08:51:25 | 000,086,016 | ---- | C] ( ) -- C:\Windows\System32\rmpHTML.dll
[2011.03.21 08:51:25 | 000,015,872 | ---- | C] () -- C:\Windows\System32\CSRcryptRDP5.exe
[2011.03.21 08:51:24 | 000,448,099 | ---- | C] () -- C:\Windows\System32\BINFO.DAT
[2011.03.21 08:51:24 | 000,110,997 | ---- | C] () -- C:\Windows\System32\BNAME.DAT
[2011.03.21 08:51:24 | 000,041,122 | ---- | C] () -- C:\Windows\System32\BLZ.DAT
[2011.02.18 20:07:13 | 000,000,116 | ---- | C] () -- C:\Users\Mathias\SciTE.session
[2010.10.07 20:26:07 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.08.28 11:02:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.15 12:12:15 | 000,001,456 | ---- | C] () -- C:\Users\Mathias\AppData\Local\Adobe Für Web speichern 12.0 Prefs

========== LOP Check ==========

[2010.11.20 22:21:16 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Canneverbe Limited
[2010.11.07 18:52:06 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.30 19:32:23 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DATEV
[2011.10.07 10:34:00 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\elsterformular
[2011.11.12 10:40:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\GetRightToGo
[2010.08.15 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\GHISLER
[2011.05.11 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\IrfanView
[2010.12.30 12:41:19 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\LibreOffice
[2010.10.11 18:35:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Opera
[2012.03.26 23:11:53 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\pdfforge
[2010.10.05 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Phoner
[2011.11.22 22:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PhonerLite
[2010.08.15 11:37:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.06 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TeamViewer
[2011.06.29 12:39:28 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Thunderbird
[2012.06.01 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\XnView
[2012.02.24 22:55:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Larusso · 25.06.2012, 18:34

Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.

Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Euphorbio · 25.06.2012, 20:56

Hallo Daniel,

vielen Dank für Deine Rückmeldung.
Ich habe Combofix ausgeführt, soweit gab es erstmal keine weiteren Schwierigkeiten. Den Logfile findest Du nun hier nachfolgend.

Beste Grüße
Euphorbio

.......................

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-25.03 - Mathias 25.06.2012  21:20:25.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3051.1908 [GMT 2:00]
ausgeführt von:: c:\users\Mathias\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mathias\AppData\Local\{61ca803e-5469-d304-2e83-941e5afd86ac}\@
c:\users\Mathias\AppData\Local\{61ca803e-5469-d304-2e83-941e5afd86ac}\n
c:\windows\Installer\{61ca803e-5469-d304-2e83-941e5afd86ac}\@
c:\windows\Installer\{61ca803e-5469-d304-2e83-941e5afd86ac}\U\00000001.@
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 
Kopie von - c:\32788r22fwjfw\HarddiskVolumeShadowCopy6_!Windows!System32!services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-25 bis 2012-06-25  ))))))))))))))))))))))))))))))
.
.
2012-06-25 19:32 . 2012-06-25 19:32	--------	d-----w-	c:\users\Vorträge\AppData\Local\temp
2012-06-25 19:32 . 2012-06-25 19:32	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-06-25 19:32 . 2012-06-25 19:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-22 15:28 . 2012-06-22 15:28	--------	d-----w-	c:\users\Mathias\AppData\Roaming\Malwarebytes
2012-06-22 15:27 . 2012-06-22 15:27	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-22 15:27 . 2012-06-22 15:27	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-22 15:27 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-19 09:39 . 2012-06-19 09:39	--------	d-----w-	c:\program files\pdfforge Toolbar
2012-06-19 09:39 . 2012-06-19 09:39	--------	d-----w-	c:\program files\Common Files\Spigot
2012-06-19 09:39 . 2012-06-19 09:39	--------	d-----w-	c:\program files\Application Updater
2012-06-15 07:06 . 2012-06-15 07:06	--------	d-----w-	c:\users\Mathias\AppData\Local\Macromedia
2012-06-14 12:25 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 12:20 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-14 12:20 . 2012-05-15 01:05	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 12:20 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-14 12:20 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-14 12:20 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-14 12:20 . 2012-05-01 04:44	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-06-14 12:20 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 12:20 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-14 12:20 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-07 07:38 . 2012-06-07 07:38	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 07:38 . 2012-06-07 07:38	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 21:04 . 2012-04-24 07:10	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-24 21:04 . 2011-05-25 17:45	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 05:51	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:51	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:51	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:51	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:51	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:51	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:51	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 05:50	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 05:50	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-08 16:49 . 2011-10-16 15:48	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:49 . 2011-10-16 15:48	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-13 15:25 . 2010-07-19 20:19	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-10 08:28	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 08:28	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-10 08:28	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-06-20 16:16 . 2011-03-30 18:24	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1206544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-10 13797920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-13 1088904]
.
c:\users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2009-6-24 2518528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Basisschnittstelle Office SR V.5.02 Initialisierung.lnk - d:\datev\PROGRAMM\BSoffice\service\OfficeDiag.exe [2011-11-2 38496]
SkyUserDevmode-Update.lnk - d:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2011-7-29 27744]
TK-Suite Client.lnk - c:\program files\AGFEO\Tk-Suite-Basic\tools\ctimon.exe [2007-10-29 1593344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 DATEV Update-Service;DATEV Update-Service;d:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [2011-07-25 172640]
R3 Datev.Database.Conserve;DATEV Connection Service;d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R3 Datev.Framework.RemoteServices.Messaging.CentralMessagingService;DATEV Messaging-Service;d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices.Messaging.CentralMessagingService -SvcRunLevel=1000 [x]
R3 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 [x]
R3 Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn;DATEV Schnittstellensystem pro;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 227600]
R3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-03-17 6758912]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-07 1343400]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-23 367456]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-06-13 792512]
S2 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 [x]
S2 DatevPrintService;DATEV Druckservice;d:\datev\PROGRAMM\B0001442\PSNTSERV.EXE [2011-12-09 79872]
S2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2009-05-04 545792]
S2 msftesql$DATEV_CL_DE01;SQL Server-Volltextsuche (DATEV_CL_DE01);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
S2 MSSQL$DATEV_CL_DE01;SQL Server (DATEV_CL_DE01);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2009-05-03 31248]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-25 2253176]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-08-13 221912]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [2009-05-13 66560]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs51.sys [2009-05-13 107520]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [2009-05-13 8064]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2009-07-03 1436560]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 21:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4AA65866-DE09-466E-9FB8-0499465A0EB6}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\dna7torf.default\
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$DATEV_CL_DE01]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:DATEV_CL_DE01"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Easy ALS Manager\EasyALSManager.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\DllHost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AGFEO\Tk-Suite-Basic\tkserver\tksock.exe
c:\program files\AGFEO\Tk-Suite-Basic\tkserver\tkmedia.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-25  21:44:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-25 19:44
.
Vor Suchlauf: 14 Verzeichnis(se), 119.753.310.208 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 121.948.172.288 Bytes frei
.
- - End Of File - - 2B90ACA3423C8196C8E21E9EAAE3F917

--- --- ---

Larusso · 26.06.2012, 06:42

Update bitte Malwarebytes und lass einen vollständigen Scan laufen. Entferne alle Funde und poste das Log hier

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Euphorbio · 26.06.2012, 22:32

Hallo Daniel,

nachfolgend die Log-Datei von Malwarebyte, die otl.txt sowie die extras.txt.

Besten Dank.
Euphorbio

................

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mathias :: MATHIAS-SAM [Administrator]

26.06.2012 19:18:25
mbam-log-2012-06-26 (19-18-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 555259
Laufzeit: 3 Stunde(n), 34 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Users\Mathias\AppData\Local\{61ca803e-5469-d304-2e83-941e5afd86ac}\n.vir (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

................OTL Logfile:
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL logfile created on: 26.06.2012 23:07:24 - Run 2
OTL by OldTimer - Version 3.2.51.0     Folder = C:\Users\Mathias\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,76% Memory free
5,95 Gb Paging File | 4,49 Gb Available in Paging File | 75,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,21 Gb Total Space | 113,68 Gb Free Space | 58,23% Space Free | Partition Type: NTFS
Drive D: | 89,78 Gb Total Space | 77,50 Gb Free Space | 86,33% Space Free | Partition Type: NTFS
 
Computer Name: MATHIAS-SAM | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.22 20:42:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.08 18:49:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:49:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:49:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:49:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.09 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2011.09.01 19:12:16 | 000,010,848 | ---- | M] (DATEV eG) -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.10 00:52:40 | 012,002,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe
PRC - [2011.04.24 01:33:18 | 042,872,672 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.25 16:01:40 | 002,253,176 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.26 19:10:19 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2010.04.03 11:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.04.03 11:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.03.26 04:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2010.03.05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.03.05 09:46:22 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010.03.05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2010.01.19 11:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Programme\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009.10.13 19:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.09.12 21:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.09.07 19:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009.06.24 09:22:00 | 002,518,528 | ---- | M] (Option) -- C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
PRC - [2009.05.04 16:49:20 | 000,545,792 | ---- | M] (OptionNV) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2009.05.03 15:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2008.05.29 10:16:22 | 000,327,680 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy ALS Manager\EasyALSManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.10 00:52:42 | 002,748,416 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS5\libmysqld.dll
MOD - [2011.06.10 00:52:42 | 000,073,728 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS5\Symlib.dll
MOD - [2009.06.24 09:22:00 | 000,077,824 | ---- | M] () -- C:\Programme\Option\GlobeTrotter Connect\custom.dll
MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009.02.27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2003.07.11 02:09:28 | 000,048,192 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn -- (Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn)
SRV - File not found [On_Demand | Stopped] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices.Messaging.CentralMessagingService -- (Datev.Framework.RemoteServices.Messaging.CentralMessagingService)
SRV - File not found [On_Demand | Stopped] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -- (Datev.Framework.RemoteServices)
SRV - File not found [Auto | Running] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -- (Datev.Framework.RemoteServiceModel.EnablerService)
SRV - File not found [On_Demand | Stopped] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 -- (Datev.Database.Conserve)
SRV - [2012.06.24 23:04:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.20 18:16:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.08 18:49:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 18:49:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.09 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011.07.25 03:49:00 | 000,172,640 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- D:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.04.24 01:33:20 | 000,367,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2011.04.24 01:33:18 | 042,872,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2011.02.07 16:27:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.25 16:01:40 | 002,253,176 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$DATEV_CL_DE01) SQL Server (DATEV_CL_DE01)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.07.25 21:04:12 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.26 19:10:19 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2010.04.03 11:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.04.03 11:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.04.03 11:56:08 | 000,044,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.03.26 04:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$DATEV_CL_DE01) SQL Server-Volltextsuche (DATEV_CL_DE01)
SRV - [2010.03.05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.03.05 09:45:22 | 000,227,600 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.03.05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.04 16:49:20 | 000,545,792 | ---- | M] (OptionNV) [Auto | Running] -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2009.05.03 15:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mathias\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.05.08 18:49:50 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:49:50 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.13 21:48:16 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.08.13 19:27:41 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel(R)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.26 19:10:19 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010.04.03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010.03.17 22:21:16 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.03 11:29:10 | 001,436,560 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2009.06.27 06:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.06.25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.05.13 15:57:46 | 000,066,560 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009.05.13 15:56:46 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009.05.13 15:56:24 | 000,107,520 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 71 EF 6D E4 FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7D41AECD-AE0B-45A3-98A3-4BB32531D019}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {c75a27d8-4529-449f-b67b-aba65d7a1c0a}:0.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.20 18:16:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 09:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.17 20:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.07.26 20:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2010.07.26 20:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.19 11:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\dna7torf.default\extensions
[2011.01.11 18:37:22 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\dna7torf.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012.04.26 15:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.19 11:39:48 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.01.23 10:11:19 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DNA7TORF.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.05.17 10:32:12 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DNA7TORF.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.20 18:16:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.13 17:25:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.14 09:48:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 09:48:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.14 09:48:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 09:48:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 09:48:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 09:48:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.25 21:33:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk = C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe (Option)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27BFD403-7C17-461D-889C-F931E9BD8BBF}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AA65866-DE09-466E-9FB8-0499465A0EB6}: NameServer = 0.0.0.0
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.26 23:06:55 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\12-06-26
[2012.06.25 21:48:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\combofix_logfiles
[2012.06.25 21:44:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.25 21:36:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.06.25 21:13:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.25 21:13:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.25 21:13:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.25 21:13:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.06.25 21:06:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.25 21:05:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.25 21:04:01 | 004,568,224 | R--- | C] (Swearware) -- C:\Users\Mathias\Desktop\ComboFix.exe
[2012.06.24 23:11:00 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\logfiles
[2012.06.22 20:42:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012.06.22 17:28:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012.06.22 17:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.22 17:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.22 17:27:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.22 17:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.21 07:51:26 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 07:51:26 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 07:51:00 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 07:51:00 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 07:51:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 07:50:19 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 07:50:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.19 12:55:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Wasserleitung-Schmidsfelden
[2012.06.19 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.06.19 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.06.19 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.06.19 11:39:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.06.15 09:06:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Macromedia
[2012.06.14 17:15:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.14 17:15:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.14 17:15:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.14 17:15:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.14 17:15:19 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.14 17:15:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.14 17:15:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.14 15:31:05 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Fontviewer
[2012.06.14 14:20:39 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.14 14:20:38 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.14 14:20:38 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.14 14:20:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.26 23:06:40 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 23:06:40 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 23:01:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.26 22:58:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.06.26 22:58:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 22:57:49 | 2399,023,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 21:33:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.25 21:02:14 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Mathias\Desktop\ComboFix.exe
[2012.06.24 23:21:00 | 000,021,114 | ---- | M] () -- C:\Users\Mathias\Desktop\logfiles.zip
[2012.06.24 23:04:34 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.24 23:04:34 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.22 21:01:20 | 000,302,592 | ---- | M] () -- C:\Users\Mathias\Desktop\b8tdu8h4.exe
[2012.06.22 20:42:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012.06.22 20:41:37 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\defogger_reenable
[2012.06.22 17:27:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.22 13:15:10 | 000,000,013 | ---- | M] () -- C:\AktProjektAdresse.csr
[2012.06.21 16:41:14 | 000,001,456 | ---- | M] () -- C:\Users\Mathias\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.06.21 13:16:07 | 000,860,104 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.21 13:16:07 | 000,798,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.21 13:16:07 | 000,209,568 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.21 13:16:07 | 000,172,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.21 12:41:44 | 032,563,200 | ---- | M] () -- C:\Users\Mathias\Desktop\DatenPflege+Statistik.mdb
[2012.06.20 13:44:44 | 006,389,005 | ---- | M] () -- C:\Users\Mathias\Desktop\landingpage-seo-1.1.1.pdf
[2012.06.20 13:35:58 | 003,249,630 | ---- | M] () -- C:\Users\Mathias\Desktop\GooglePlus_Local_Guide2012.pdf
[2012.06.15 11:35:41 | 000,002,093 | ---- | M] () -- C:\Users\Mathias\Desktop\Neue Fotos.lnk
[2012.06.14 18:27:31 | 003,838,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 09:50:04 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.06.13 09:26:22 | 000,080,697 | ---- | M] () -- C:\Users\Mathias\Desktop\Christmann - Bosch Koch Röttgen UZ 320-Entw Stand 27.04.2012_Fragen_Röttgen.pdf
[2012.06.12 13:35:38 | 002,611,047 | ---- | M] () -- C:\Users\Mathias\Desktop\pinterest_fuer_unternehmen_marketing_guide_v1.pdf
[2012.06.07 09:56:47 | 000,000,132 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.06.06 22:21:40 | 000,267,406 | ---- | M] () -- C:\Users\Mathias\Desktop\Auftragsimport DD-Shipments  5.3 DE.pdf
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.25 21:13:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.25 21:13:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.25 21:13:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.25 21:13:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.25 21:13:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.24 23:21:00 | 000,021,114 | ---- | C] () -- C:\Users\Mathias\Desktop\logfiles.zip
[2012.06.22 21:01:15 | 000,302,592 | ---- | C] () -- C:\Users\Mathias\Desktop\b8tdu8h4.exe
[2012.06.22 20:41:37 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\defogger_reenable
[2012.06.22 17:27:54 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.20 13:42:30 | 006,389,005 | ---- | C] () -- C:\Users\Mathias\Desktop\landingpage-seo-1.1.1.pdf
[2012.06.20 13:34:50 | 003,249,630 | ---- | C] () -- C:\Users\Mathias\Desktop\GooglePlus_Local_Guide2012.pdf
[2012.06.15 11:35:21 | 000,002,093 | ---- | C] () -- C:\Users\Mathias\Desktop\Neue Fotos.lnk
[2012.06.13 09:17:42 | 000,080,697 | ---- | C] () -- C:\Users\Mathias\Desktop\Christmann - Bosch Koch Röttgen UZ 320-Entw Stand 27.04.2012_Fragen_Röttgen.pdf
[2012.06.12 13:35:37 | 002,611,047 | ---- | C] () -- C:\Users\Mathias\Desktop\pinterest_fuer_unternehmen_marketing_guide_v1.pdf
[2012.06.06 22:21:31 | 000,267,406 | ---- | C] () -- C:\Users\Mathias\Desktop\Auftragsimport DD-Shipments  5.3 DE.pdf
[2012.06.06 18:04:25 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011.11.22 22:47:27 | 000,000,028 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\PhonerLitesettings.ini
[2011.10.30 17:57:56 | 000,004,705 | ---- | C] () -- C:\Users\Mathias\AppData\Local\EmptySettings.xml
[2011.10.30 17:43:29 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.10.30 13:50:58 | 000,014,680 | ---- | C] () -- C:\Windows\System32\skypdfmonpro.dll
[2011.10.30 13:50:58 | 000,012,632 | ---- | C] () -- C:\Windows\System32\skypdfmonuipro.dll
[2011.10.30 13:28:54 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.10.30 13:23:20 | 000,000,109 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.10.30 13:18:50 | 000,000,110 | ---- | C] () -- C:\Windows\Startup.INI
[2011.08.18 11:25:19 | 000,323,072 | ---- | C] () -- C:\Windows\System32\Rar.exe
[2011.07.04 18:43:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.18 19:50:03 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.05.18 19:46:06 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.03.21 08:51:25 | 000,167,936 | ---- | C] () -- C:\Windows\System32\pyrobatchcontrol.dll
[2011.03.21 08:51:25 | 000,090,112 | ---- | C] () -- C:\Windows\System32\StrStorage.dll
[2011.03.21 08:51:25 | 000,086,016 | ---- | C] ( ) -- C:\Windows\System32\rmpHTML.dll
[2011.03.21 08:51:25 | 000,015,872 | ---- | C] () -- C:\Windows\System32\CSRcryptRDP5.exe
[2011.03.21 08:51:24 | 000,448,099 | ---- | C] () -- C:\Windows\System32\BINFO.DAT
[2011.03.21 08:51:24 | 000,110,997 | ---- | C] () -- C:\Windows\System32\BNAME.DAT
[2011.03.21 08:51:24 | 000,041,122 | ---- | C] () -- C:\Windows\System32\BLZ.DAT
[2011.02.18 20:07:13 | 000,000,116 | ---- | C] () -- C:\Users\Mathias\SciTE.session
[2010.10.07 20:26:07 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.08.28 11:02:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.15 12:12:15 | 000,001,456 | ---- | C] () -- C:\Users\Mathias\AppData\Local\Adobe Für Web speichern 12.0 Prefs

< End of report >

--- --- ---

--- --- ---

................OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 26.06.2012 23:07:25 - Run 2
OTL by OldTimer - Version 3.2.51.0     Folder = C:\Users\Mathias\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,76% Memory free
5,95 Gb Paging File | 4,49 Gb Available in Paging File | 75,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,21 Gb Total Space | 113,68 Gb Free Space | 58,23% Space Free | Partition Type: NTFS
Drive D: | 89,78 Gb Total Space | 77,50 Gb Free Space | 86,33% Space Free | Partition Type: NTFS
 
Computer Name: MATHIAS-SAM | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Betrachten mit XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{43587A7F-75BA-4399-B5BB-F145421D6044}" = protocol=6 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tools\ctimon.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6AA7611A-5DCB-43BE-A09E-30B054630B35}" = protocol=17 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A84CE5D5-09AC-428E-9435-7D6F4D2AAED3}" = protocol=6 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B6F91528-61CB-416B-9839-26DB7AA085DF}" = protocol=6 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC178F51-919E-45DB-BBDA-995C90161A5D}" = protocol=17 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe | 
"{FE02CAB2-F265-4854-94AD-5AB05351E065}" = protocol=17 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tools\ctimon.exe | 
"TCP Query User{1D0C8516-AFE8-406E-92A6-0BAD31550910}C:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe" = protocol=6 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe | 
"TCP Query User{C642AAEE-FED4-4B0B-A050-DBC3FE5F53FE}C:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe" = protocol=6 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe | 
"TCP Query User{EF0609A8-2ADE-4A53-8FC0-CFE263EB8040}C:\program files\agfeo\tk-suite-basic\tools\ctimon.exe" = protocol=6 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tools\ctimon.exe | 
"UDP Query User{63668518-D9CC-4AF4-829D-F630F0E19FD2}C:\program files\agfeo\tk-suite-basic\tools\ctimon.exe" = protocol=17 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tools\ctimon.exe | 
"UDP Query User{9672D01A-857B-466C-83AF-24258B2717B8}C:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe" = protocol=17 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe | 
"UDP Query User{AB968E8F-7B1C-4462-BCE3-625F22FFFA08}C:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe" = protocol=17 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{046755CA-F677-4B7F-AF9A-6AB295A02A30}" = Microsoft SQL Server 2008 R2 Native Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{167F6479-E5CD-411A-9E44-4296E51F64E5}" = Microsoft SQL Server VSS Writer
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi-Software
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{31D72A9B-F7A1-4FE9-A9BC-45D2BE2610D4}" = SQLXML4
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37918F52-75C8-47F8-AEFB-389B8E62B5DA}" = pdfforge Toolbar v5.9
"{3888A22E-1A9E-4DBE-A93B-42385141F37D}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{4D4E2733-39BA-4E9E-A845-7F5BB8D85035}" = GlobeTrotter Connect
"{4D683850-F86B-45E8-97D9-65C0D6FEA95A}" = LibreOffice 3.3
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{50ABF86D-0BDB-31AD-97FD-E8A55564EBF9}" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = SQL Server 2008 R2 Database Engine Services
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{76866BE3-B2C7-40BB-B267-927792AED0C3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78033A38-50E2-4A65-823F-C1B34DF9FE41}" = Microsoft SQL Server 2008 R2-Richtlinien
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8343C2D8-09DF-38B3-9D1A-A26148918E45}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = GlobeTrotter Connect
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD113A8-811A-404E-A4D7-443D014946AC}" = Microsoft SQL Server Browser
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{92906ADC-9482-4DDB-870D-0F1F535EAD91}" = SQL Server 2008 R2 Common Files
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{960C278D-E4F9-41AD-9073-1B663A7E8CAA}" = USB2.0 UVC WebCam
"{9615709B-777E-4EF7-ADF6-45131FA64C1E}" = Easy ALS Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CF78AB2B-1CA0-42D2-A2F1-FDEBC7876EF0}" = Microsoft SQL Server 2005 (DATEV_CL_DE01)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC9B0EEF-92BC-4F50-A31E-CD4705B65FD5}_is1" = IDimager Professional SQLServer Edition 5.1.3.6
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E10B39DF-C167-4B79-B9C2-AA1570ACBB1D}" = SQL Server 2008 R2 Management Studio
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{E9380A3D-7A10-4988-B2A1-22A41C137D9F}" = SQL Server 2008 R2 Database Engine Shared
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoItv3" = AutoIt v3.3.6.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CSR-SOFTWARE ACX X11_12_06" = CSR-SOFTWARE ACX X11_12_06 X1 
"CSR-SOFTWARE ACX X12_02_16" = CSR-SOFTWARE ACX X12_02_16 X2012 
"DATEVB00000482.0" = DATEV Installation V.2.9
"ElsterFormular 12.3.2.6814k" = ElsterFormular-Update
"IrfanView" = IrfanView (remove only)
"Kyocera Product Library" = Kyocera Product Library
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nBIT HTML Editor OCX_is1" = nBIT HTML Editor ActiveX 3.2.2
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.64.1403" = Opera 11.64
"Phoner_is1" = Phoner 2.52
"PhonerLite_is1" = PhonerLite 1.90
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"PyroBatchFTP" = PyroBatchFTP
"QNAP_FINDER" = QNAP Finder
"ST6UNST #1" = RotateTextBoxver2 Full Install
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinMerge_is1" = WinMerge 2.12.4
"XnView_is1" = XnView 1.98.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.01.2012 10:53:40 | Computer Name = Mathias-Sam | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 46801
 
Error - 02.01.2012 10:53:40 | Computer Name = Mathias-Sam | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46801
 
Error - 02.01.2012 10:53:55 | Computer Name = Mathias-Sam | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.01.2012 10:53:55 | Computer Name = Mathias-Sam | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 62401
 
Error - 02.01.2012 10:53:55 | Computer Name = Mathias-Sam | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 62401
 
Error - 02.01.2012 10:54:11 | Computer Name = Mathias-Sam | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.01.2012 10:54:11 | Computer Name = Mathias-Sam | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 78001
 
Error - 02.01.2012 10:54:11 | Computer Name = Mathias-Sam | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 78001
 
Error - 03.01.2012 15:29:22 | Computer Name = Mathias-Sam | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.01.2012 15:32:02 | Computer Name = Mathias-Sam | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 25.06.2012 15:50:43 | Computer Name = Mathias-Sam | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 25.06.2012 15:50:44 | Computer Name = Mathias-Sam | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 25.06.2012 15:50:44 | Computer Name = Mathias-Sam | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 25.06.2012 15:50:45 | Computer Name = Mathias-Sam | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 25.06.2012 16:00:43 | Computer Name = Mathias-Sam | Source = RemoteAccess | ID = 20152
Description = Der momentan konfigurierte Authentifizierungsanbieter konnte nicht
 geladen und initialisiert werden. Der angeforderte Name ist gültig, es wurden jedoch
 keine Daten des angeforderten Typs gefunden.  
 
Error - 25.06.2012 16:00:46 | Computer Name = Mathias-Sam | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Routing und RAS" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%11004.
 
Error - 26.06.2012 12:55:40 | Computer Name = Mathias-Sam | Source = RemoteAccess | ID = 20152
Description = Der momentan konfigurierte Authentifizierungsanbieter konnte nicht
 geladen und initialisiert werden. Der angeforderte Name ist gültig, es wurden jedoch
 keine Daten des angeforderten Typs gefunden.  
 
Error - 26.06.2012 12:55:42 | Computer Name = Mathias-Sam | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Routing und RAS" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%11004.
 
Error - 26.06.2012 16:59:05 | Computer Name = Mathias-Sam | Source = RemoteAccess | ID = 20152
Description = Der momentan konfigurierte Authentifizierungsanbieter konnte nicht
 geladen und initialisiert werden. Der angeforderte Name ist gültig, es wurden jedoch
 keine Daten des angeforderten Typs gefunden.  
 
Error - 26.06.2012 16:59:07 | Computer Name = Mathias-Sam | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Routing und RAS" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%11004.
 
 
< End of report >

--- --- ---

Larusso · 27.06.2012, 07:09

Deinstalliere bitte
pdfforge Toolbar v5.9

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Euphorbio · 27.06.2012, 12:39

Hallo Daniel,
ich habe die pdfforge Toolbar v5.9 deinstalliert, danach dann den ESET Onlinescan durchgeführt. Das Ergebnis (ESET.txt):

C:\Users\Mathias\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application

Du hattest betont, dass auch externe Festplatten eingeschaltet sein sollen. Mein Rechner ist über ein internes Netzwerk mit einer QNAP-Nas verbunden, 4 Netzlaufwerke wiederum verweisen auf diesen Mini-Linux-Server. Deren Festplatten aber wurden nicht von ESET erfasst. Nur zur Info ...
Danke.
Gruß, Euphorbio

Larusso · 27.06.2012, 14:47

Netzwerkfestplatten sind eigentlich nicht das Problem.

Macht derRechner noch Probleme ?

Euphorbio · 27.06.2012, 15:07

Hallo,
nein, aktuell kann ich problemlos auf dem Rechner arbeiten. Aber was ist mit dem Fund von ESET bzw. kann ich mir sicher sein, dass ich die "lästigen Dinger" wirklich los bin?
Danke!
Euphorbio

Larusso · 27.06.2012, 15:24

Sieh dir den Speicherort der Datei an. Haste selber runter geladen.
Nicht immer sind alle Funde auch wirkliche Malware.

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.

Code:

ATTFilter

Combofix /Uninstall

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher, immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Eine out of date Anti Virensoftware ist nutzlos!

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Euphorbio · 28.06.2012, 11:25

Hallo Daniel,
alles hat so geklappt, wie von Dir beschrieben, einzig bei den Java-Temp-Dateien musste ich ein bißchen suchen ... Ich werde die Tipps aus Deinem letzten Post beherzigen (habe gestern bereits alles aktualisiert, was ziemlich nervig ist, wenn man an einer DSL-Leitung hängt, die den Namen nicht verdient hat). Hoffe, dass ich nun wieder ein Weilchen Ruhe habe.
Besten Dank für Deine Hilfe (die Paypal-Spende ist unterwegs).
Ciao, Euphorbio.

Larusso · 28.06.2012, 13:01

Froh das wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

27.06.2012, 14:47	#8
Larusso /// Selecta Jahrusso	Probleme mit div. Trojanern, z.B. Sirefref.AG.35 Netzwerkfestplatten sind eigentlich nicht das Problem. Macht derRechner noch Probleme ? __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Probleme mit div. Trojanern, z.B. Sirefref.AG.35

Log-Analyse und Auswertung: Probleme mit div. Trojanern, z.B. Sirefref.AG.35