Pests of all kinds and how to fight them: TR/ Agent.Gen (Windows 7). If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
04.07.2012, 19:41 | #16 |
/// Selecta Jahrusso | TR/ Agent.Gen Yes, rename Combofix back to .com.
__________________ regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
04.07.2012, 20:39 | #17 |
| TR/ Agent.Gen Combofix Logfile: Code:
ATTFilter ComboFix 12-07-04.04 - HOLGER 04.07.2012 21:17:27.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.2301 [GMT 2:00] ausgeführt von:: c:\users\HOLGER\Desktop\ComboFix.com Benutzte Befehlsschalter :: c:\users\HOLGER\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-04 bis 2012-07-04 )))))))))))))))))))))))))))))) . . 2012-07-04 19:25 . 2012-07-04 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-04 08:09 . 2012-07-04 19:25 -------- d-----w- c:\users\HOLGER\AppData\Local\temp 2012-07-03 09:14 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71CD26B0-6163-491D-84CC-A902EE13FB18}\mpengine.dll 2012-06-27 17:24 . 2012-06-27 17:24 -------- d-----w- c:\users\HOLGER\AppData\Roaming\Malwarebytes 2012-06-27 17:24 . 2012-06-27 17:24 -------- d-----w- c:\programdata\Malwarebytes 2012-06-27 17:24 . 2012-06-27 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-27 17:24 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-27 07:44 . 2012-06-27 07:44 -------- d-----w- c:\users\HOLGER\AppData\Local\Apps 2012-06-24 08:53 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2012-06-24 08:53 . 2012-06-24 08:53 -------- d-----w- c:\program files\Panda Security 2012-06-22 04:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 04:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 04:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 04:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 04:09 . 
2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-22 04:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 04:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 04:09 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 04:09 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-13 17:48 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-06-13 17:48 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-13 17:48 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-06-13 17:48 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-06-13 17:48 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-13 17:48 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-13 17:47 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2012-06-13 17:47 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-13 17:47 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2012-06-13 17:47 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-06-13 17:47 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-13 15:48 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 15:48 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-13 15:48 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-06-13 15:48 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 15:48 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 15:48 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 15:48 . 
2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 15:47 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 15:47 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 15:47 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-09 04:16 . 2012-03-13 06:30 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-09 04:16 . 2012-03-13 06:30 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-04-19 18:05 . 2010-12-21 18:40 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-14 22:19 . 2012-06-18 18:09 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-04-24 12:24 1310000 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936] "{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\HOLGER\AppData\Roaming\loadtbs\toolbar.dll" [2012-02-15 640000] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Facebook Update"="c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-23 137536] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-10 7866912] "lxeemon.exe"="c:\program files\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728] "EzPrint"="c:\program files\Lexmark Pro700 Series\ezprint.exe" [2009-10-01 139944] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992] "Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . 
R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [x] S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x] S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys 
[x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] BullGuard_Backup REG_MULTI_SZ BsBackup . Inhalt des "geplante Tasks" Ordners . 2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job - c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 08:40] . 2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job - c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 08:40] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = <local> IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\ FF - prefs.js: network.proxy.type - 0 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-07-04 21:43:29 ComboFix-quarantined-files.txt 2012-07-04 19:43 ComboFix2.txt 2012-07-04 08:09 . Vor Suchlauf: 14 Verzeichnis(se), 880.812.773.376 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 880.776.704.000 Bytes frei . - - End Of File - - 8D15D0D7AF0C4676DFBFC70F967B36A6 |
05.07.2012, 14:57 | #18 |
/// Selecta Jahrusso | TR/ Agent.Gen Please download exehelper by Raktor.
Save the file to the desktop. Double-click exeHelper.com to start the tool. A black window should pop up. Once the tool has finished, press any key to close it. Now post the contents of exehelperlog.txt (it is located where you saved exehelper). If it still does not work afterwards, right-click an .exe file on the desktop and send me a screenshot so I can see the available options.
__________________ Edited by Larusso (05.07.2012 at 15:05) |
05.07.2012, 16:04 | #19 |
| TR/ Agent.Gen exeHelper by Raktor Build 20100414 Run at 17:06:19 on 07/05/12 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- It still doesn't work. How can I upload the screenshot to you? Unfortunately I can't open Paint; inserted as an image in a Word program it would work. I'm going to restart the computer now. |
05.07.2012, 16:24 | #20 |
| TR/ Agent.Gen OK, now I've managed it too. |
07.07.2012, 13:55 | #21 |
/// Selecta Jahrusso | TR/ Agent.Gen Sorry for the delay. Had problems with my internet >.> Do all downloaded files have no icons? Played around with a registry cleaner or the like? Right-click on the asmMBR.exe and choose "Open file location". What comes up? And a screenshot of the file's properties would interest me.
08.07.2012, 21:07 | #22 |
| TR/ Agent.Gen Hello, I'm back too. The downloaded files all have no icon, and those that were already on the desktop almost all don't either, although e.g. a shortcut to a Word document can be opened with a double-click (but Word itself, for example, can't be opened directly). Nothing was done with a cleaner or anything like that. After the icons disappeared all at once and everything could only be opened by roundabout ways, I ran Avira and the anti-malware scan and then came straight here to the board. The "Open file location" option doesn't exist for this file; I've opened the menu along with it. |
09.07.2012, 11:10 | #23 |
/// Selecta Jahrusso | TR/ Agent.Gen Hi. Let me dig around here a bit. Please uninstall the Searchqu Toolbar and restart the computer. Note for other readers: the following ComboFix script was created exclusively for this user in this situation. Do not use it on other computers under any circumstances; it can permanently damage other systems! Please download the attached CFscript.txt to your desktop. Important:
OTL.exe will be deleted from your desktop. If the next tools still do not run, please rename them to .com again. Please download OTL by Oldtimer and save it to your desktop (if not already present).
Download Gmer from this page (click the Download EXE button) and save the program to the desktop.
In your next reply, please post Combofix.txt, OTL.txt and Gmer.txt, and report whether you can start the files again.
__________________ Edited by Larusso (09.07.2012 at 11:16) |
09.07.2012, 14:57 | #24 |
| TR/ Agent.Gen Here's the ComboFix log, since the OTL site is not reachable at the moment. Combofix Logfile: Code:
ATTFilter ComboFix 12-07-08.01 - HOLGER 09.07.2012 14:58:24.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.2040 [GMT 2:00] ausgeführt von:: c:\users\HOLGER\Desktop\ComboFix.com Benutzte Befehlsschalter :: c:\users\HOLGER\Desktop\CFscript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\HOLGER\Desktop\OTL.exe" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\HOLGER\Desktop\OTL.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-09 bis 2012-07-09 )))))))))))))))))))))))))))))) . . 2012-07-09 13:07 . 2012-07-09 13:07 -------- d-----w- c:\users\HOLGER\AppData\Local\temp 2012-07-09 13:07 . 2012-07-09 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-08 20:01 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{770BAD54-C28E-4E03-9CFA-9C09B1442301}\mpengine.dll 2012-06-27 17:24 . 2012-06-27 17:24 -------- d-----w- c:\users\HOLGER\AppData\Roaming\Malwarebytes 2012-06-27 17:24 . 2012-06-27 17:24 -------- d-----w- c:\programdata\Malwarebytes 2012-06-27 17:24 . 2012-06-27 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-27 17:24 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-27 07:44 . 2012-06-27 07:44 -------- d-----w- c:\users\HOLGER\AppData\Local\Apps 2012-06-24 08:53 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2012-06-24 08:53 . 2012-06-24 08:53 -------- d-----w- c:\program files\Panda Security 2012-06-22 04:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 04:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 04:09 . 
2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 04:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 04:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-22 04:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 04:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 04:09 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 04:09 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-13 17:48 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-06-13 17:48 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-13 17:48 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-06-13 17:48 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-06-13 17:48 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-13 17:48 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-13 17:47 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2012-06-13 17:47 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-13 17:47 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2012-06-13 17:47 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-06-13 17:47 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-13 15:48 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 15:48 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-13 15:48 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-06-13 15:48 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 15:48 . 
2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 15:48 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 15:48 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 15:47 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 15:47 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 15:47 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-09 04:16 . 2012-03-13 06:30 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-09 04:16 . 2012-03-13 06:30 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-04-19 18:05 . 2010-12-21 18:40 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-14 22:19 . 2012-06-18 18:09 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-04-24 12:24 1310000 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Facebook Update"="c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-23 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-10 7866912] "lxeemon.exe"="c:\program files\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728] "EzPrint"="c:\program files\Lexmark Pro700 Series\ezprint.exe" [2009-10-01 139944] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992] "Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [x] S2 MBAMService;MBAMService;c:\program 
files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [x] S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x] S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] BullGuard_Backup REG_MULTI_SZ BsBackup . Inhalt des "geplante Tasks" Ordners . 2012-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job - c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 08:40] . 2012-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job - c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 08:40] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = <local> IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\ FF - prefs.js: network.proxy.type - 0 . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-!{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file) HKLM-Run-DATAMNGR - c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-07-09 15:25:45 ComboFix-quarantined-files.txt 2012-07-09 13:25 ComboFix2.txt 2012-07-04 19:43 ComboFix3.txt 2012-07-04 08:09 . Vor Suchlauf: 14 Verzeichnis(se), 880.900.009.984 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 880.850.751.488 Bytes frei . - - End Of File - - 76D8CA857E778A3AD17901A05C1FB421 |
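The exeHelper log in post #19 reports resetting the .exe and .com file-type associations plus the Userinit and Shell values, and the ComboFix log in post #17 showed the Searchqu Datamngr DLLs loaded through AppInit_DLLs. The following read-only audit is an added example, not code from the thread or from the exeHelper/ComboFix tools; it assumes Windows 7 defaults as the known-good values and only reports, it changes nothing.

```powershell
# Added example (not from the thread or its tools): read-only audit of the
# settings exeHelper resets and of the AppInit_DLLs load point from the
# ComboFix log. Known-good values are assumed to be the Windows 7 defaults.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist instead of throwing.
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch {
        return $null
    }
}

function Test-ExeLaunchChain {
    # Launch chain for .exe/.com files and the two Winlogon values exeHelper resets.
    $expected = @(
        @{ Path = 'Registry::HKEY_CLASSES_ROOT\.exe';                        Name = '(default)'; Value = 'exefile' },
        @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'; Name = '(default)'; Value = '"%1" %*' },
        @{ Path = 'Registry::HKEY_CLASSES_ROOT\.com';                        Name = '(default)'; Value = 'comfile' },
        @{ Path = 'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command'; Name = '(default)'; Value = '"%1" %*' },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell';    Value = 'explorer.exe' },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Userinit'; Value = "$env:SystemRoot\system32\userinit.exe," }
    )
    foreach ($e in $expected) {
        $actual = Get-RegValue -Path $e.Path -Name $e.Name
        [pscustomobject]@{
            Check    = "$($e.Path) [$($e.Name)]"
            Expected = $e.Value
            Actual   = if ($null -eq $actual) { '<absent>' } else { [string]$actual }
            Status   = if ($null -ne $actual -and ([string]$actual).Trim() -eq $e.Value) { 'OK' } else { 'REVIEW' }
        }
    }

    # HKCU\Software\Classes takes precedence over HKLM when HKCR is composed,
    # so a per-user .exe/exefile key redirects every launch for that user.
    # A clean Windows 7 profile has neither key.
    foreach ($perUser in @('HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile\shell\open\command')) {
        $present = Test-Path -Path $perUser
        [pscustomobject]@{
            Check    = $perUser
            Expected = '<absent>'
            Actual   = if ($present) { [string](Get-RegValue -Path $perUser -Name '(default)') } else { '<absent>' }
            Status   = if ($present) { 'REVIEW' } else { 'OK' }
        }
    }

    # AppInit_DLLs: when LoadAppInit_DLLs is 1, every DLL listed here is loaded
    # into each process that loads user32.dll. In the thread's ComboFix log this
    # value carried c:\progra~1\SEARCH~1\Datamngr\datamngr.dll and IEBHO.dll.
    $appInitKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $dlls = [string](Get-RegValue -Path $appInitKey -Name 'AppInit_DLLs')
    $load = Get-RegValue -Path $appInitKey -Name 'LoadAppInit_DLLs'
    [pscustomobject]@{
        Check    = "$appInitKey [AppInit_DLLs] (LoadAppInit_DLLs=$load)"
        Expected = '<empty>'
        Actual   = if ([string]::IsNullOrWhiteSpace($dlls)) { '<empty>' } else { $dlls }
        Status   = if ([string]::IsNullOrWhiteSpace($dlls)) { 'OK' } else { 'REVIEW' }
    }
}

Test-ExeLaunchChain | Format-Table -AutoSize -Wrap
```

Rows marked REVIEW are the ones to compare against the ComboFix and exeHelper output before deciding on a fix; the script itself never writes to the registry.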
09.07.2012, 16:55 | #25 |
/// Selecta Jahrusso | TR/ Agent.Gen
09.07.2012, 21:25 | #26 |
| TR/ Agent.Gen So, here's the OTL log. OTL Logfile: Code:
OTL logfile created on: 09.07.2012 21:00:09 - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\HOLGER\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 68,02% Memory free
6,50 Gb Paging File | 5,33 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 819,99 Gb Free Space | 90,07% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS

Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.09 20:51:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.com
PRC - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 06:16:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeecoms.exe
PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe

========== Modules (No Company Name) ==========

MOD - [2011.08.19 04:25:36 | 000,471,040 | ---- | M] () -- C:\Programme\Lexmark Toolbar\resource.dll
MOD - [2011.08.19 04:09:40 | 000,528,384 | ---- | M] () -- C:\Programme\Lexmark Toolbar\toolband.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeecoms.exe -- (lxee_device)
SRV - [2010.04.14 16:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\HOLGER\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.05.09 06:16:53 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 06:16:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B1196D5-0608-4457-99D6-954CD28EA96A}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKCU\..\SearchScopes\{908FAB45-330E-4808-875D-8B7EA2DFD6F5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{924FA814-6FC3-40E2-8355-8E8E93F200B5}: "URL" = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKCU\..\SearchScopes\{984A2770-6C96-44C8-B170-A4DDEF742AD9}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD2BDD94-CEBA-493B-9B79-99C956660F09}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HOLGER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 20:09:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 06:05:46 | 000,000,000 | ---D | M]

[2012.04.11 11:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Extensions
[2012.06.04 06:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions
[2012.05.24 21:25:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.04.11 11:52:38 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.06 20:38:22 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.06.06 20:38:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\engine@plasmoo.com
[2012.04.11 11:56:03 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\software@loadtubes.com
[2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\plasmoo.xml
[2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\Search_Results.xml
[2012.06.04 06:43:20 | 000,003,915 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\sweetim.xml
[2012.06.18 20:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.04 06:43:18 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\HOLGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3U9OSS91.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.04 22:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012.07.09 15:07:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3752C415-0AD3-4D70-88DD-5C627777D71D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.09 20:51:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.com
[2012.07.09 15:25:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.09 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Local\temp
[2012.07.04 18:16:19 | 004,573,972 | R--- | C] (Swearware) -- C:\Users\HOLGER\Desktop\ComboFix.com
[2012.07.04 09:50:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.04 09:39:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.02 14:29:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.02 14:29:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.02 14:29:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.02 14:29:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.01 20:41:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\HOLGER\Desktop\aswMBR.exe
[2012.06.30 22:20:39 | 002,134,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HOLGER\Desktop\tdsskiller.exe
[2012.06.27 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Roaming\Malwarebytes
[2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.27 19:24:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.27 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.27 09:44:54 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Local\Apps
[2012.06.27 09:36:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.24 20:54:18 | 002,347,224 | ---- | C] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe
[2012.06.24 20:52:43 | 005,837,544 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe
[2012.06.24 15:42:34 | 000,739,840 | ---- | C] (Google Inc.) -- C:\Users\HOLGER\Documents\ChromeSetup.exe
[2012.06.24 10:53:07 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2012.06.24 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012.06.22 06:09:49 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.22 06:09:48 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.22 06:09:21 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.22 06:09:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.22 06:09:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.22 06:09:07 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.22 06:09:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.19 06:13:22 | 003,961,792 | ---- | C] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe
[2012.06.18 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.18 20:08:34 | 016,420,744 | ---- | C] (Mozilla) -- C:\Users\HOLGER\Documents\Firefox%20Setup%2013.0.1.exe
[2012.06.13 19:48:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.13 19:48:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.13 19:48:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.13 19:48:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.13 19:47:59 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.13 19:47:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.13 19:47:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.13 17:48:08 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.13 17:48:08 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.13 17:48:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.13 17:48:07 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.12 14:54:17 | 000,000,000 | --SD | C] -- C:\Users\HOLGER\Documents\Meine Datenquellen
[2012.06.11 12:19:12 | 009,120,256 | ---- | C] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.09 20:51:19 | 003,961,792 | ---- | M] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe
[2012.07.09 20:51:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.com
[2012.07.09 19:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job
[2012.07.09 15:07:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.07.09 14:57:56 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 14:57:56 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 14:56:17 | 004,573,972 | R--- | M] (Swearware) -- C:\Users\HOLGER\Desktop\ComboFix.com
[2012.07.09 14:55:00 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.09 14:55:00 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.09 14:55:00 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.09 14:54:59 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.09 14:50:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.09 14:50:30 | 2616,643,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 17:21:15 | 000,213,137 | ---- | M] () -- C:\Users\HOLGER\Desktop\andruck.pdf
[2012.07.05 17:05:42 | 000,294,400 | ---- | M] () -- C:\Users\HOLGER\Desktop\exeHelper.com
[2012.07.05 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job
[2012.07.01 22:11:34 | 330,985,728 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.01 22:04:15 | 000,000,512 | ---- | M] () -- C:\Users\HOLGER\Desktop\MBR.dat
[2012.07.01 20:41:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\HOLGER\Desktop\aswMBR.exe
[2012.06.30 22:20:43 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HOLGER\Desktop\tdsskiller.exe
[2012.06.28 07:52:06 | 000,000,000 | ---- | M] () -- C:\Users\HOLGER\defogger_reenable
[2012.06.28 07:50:08 | 000,050,477 | ---- | M] () -- C:\Users\HOLGER\Desktop\Defogger.exe
[2012.06.27 19:24:51 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 09:36:25 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.24 20:54:19 | 002,347,224 | ---- | M] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe
[2012.06.24 20:52:56 | 005,837,544 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe
[2012.06.24 15:42:58 | 000,739,840 | ---- | M] (Google Inc.) -- C:\Users\HOLGER\Documents\ChromeSetup.exe
[2012.06.24 15:36:04 | 077,711,976 | ---- | M] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe
[2012.06.21 16:59:05 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\BauFaktura.lnk
[2012.06.19 17:49:17 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.06.18 22:48:49 | 000,002,104 | ---- | M] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk
[2012.06.18 22:43:04 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk
[2012.06.18 22:39:40 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk
[2012.06.18 20:08:45 | 016,420,744 | ---- | M] (Mozilla) -- C:\Users\HOLGER\Documents\Firefox%20Setup%2013.0.1.exe
[2012.06.14 06:45:15 | 000,506,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.11 21:56:30 | 000,074,340 | ---- | M] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf
[2012.06.11 12:19:12 | 009,120,256 | ---- | M] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.05 17:21:14 | 000,213,137 | ---- | C] () -- C:\Users\HOLGER\Desktop\andruck.pdf
[2012.07.05 17:05:40 | 000,294,400 | ---- | C] () -- C:\Users\HOLGER\Desktop\exeHelper.com
[2012.07.02 14:29:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.02 14:29:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.02 14:29:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.02 14:29:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.02 14:29:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.01 21:39:45 | 000,000,512 | ---- | C] () -- C:\Users\HOLGER\Desktop\MBR.dat
[2012.06.28 07:52:06 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\defogger_reenable
[2012.06.28 07:50:08 | 000,050,477 | ---- | C] () -- C:\Users\HOLGER\Desktop\Defogger.exe
[2012.06.27 19:24:51 | 000,001,071 | ---- | C] () --
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.24 15:35:33 | 077,711,976 | ---- | C] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe [2012.06.18 22:54:24 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk [2012.06.18 22:48:49 | 000,002,104 | ---- | C] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk [2012.06.18 22:39:40 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk [2012.06.18 20:09:22 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.11 21:56:59 | 000,074,340 | ---- | C] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf [2012.01.05 09:46:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.01.05 09:35:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.08.23 16:29:05 | 000,455,254 | ---- | C] () -- C:\Users\HOLGER\Messung GC-Compagnie 22.08.2011.pdf [2011.06.28 18:33:28 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.18 22:21:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll [2011.02.02 09:36:25 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\AppData\Roaming\wklnhst.dat [2011.01.12 12:33:12 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeecoin.dll [2011.01.12 12:33:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeegcfg.dll [2011.01.12 12:33:06 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeecui.dll [2010.12.12 14:59:18 | 000,040,960 | ---- | C] () -- 
C:\Windows\System32\lxeevs.dll [2010.12.12 14:58:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeecuir.dll [2010.12.12 14:48:22 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxeerwrd.ini [2010.12.12 14:47:57 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEEinst.dll [2010.12.12 14:47:55 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEEhcp.dll [2010.12.12 14:47:54 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeeinpa.dll [2010.12.12 14:47:54 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeeiesc.dll [2010.12.12 14:47:53 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeeusb1.dll [2010.12.12 14:47:50 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeeserv.dll [2010.12.12 14:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeepmui.dll [2010.12.12 14:47:50 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeelmpm.dll [2010.12.12 14:47:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeejswr.dll [2010.12.12 14:47:48 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeeinsb.dll [2010.12.12 14:47:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeeinsr.dll [2010.12.12 14:47:47 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeeins.dll [2010.12.12 14:47:46 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeeih.exe [2010.12.12 14:47:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeehbn3.dll [2010.12.12 14:47:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeegrd.dll [2010.12.12 14:47:41 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeecu.dll [2010.12.12 14:47:41 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeecub.dll [2010.12.12 14:47:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeecur.dll [2010.12.12 14:47:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeecoms.exe [2010.12.12 14:47:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeecomm.dll [2010.12.12 14:47:39 | 000,802,816 | ---- | C] ( ) -- 
C:\Windows\System32\lxeecomc.dll [2010.12.12 14:47:39 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeecfg.exe [2010.12.12 14:45:15 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEEsm.dll [2010.12.12 14:45:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEEsmr.dll < End of report >
Good morning, the following problem: I ran the GMER program and it ran for a very long time, but at some point during or after the scan the computer shut down and there is no log. Or does this program also save the log automatically somewhere? The applications still don't run via a direct click. |
10.07.2012, 16:24 | #27 |
/// Selecta Jahrusso | TR/ Agent.Gen Hi. Quote:
Check the box next to Scan all users. You did not do that. Please repeat.
10.07.2012, 18:20 | #28 |
| TR/ Agent.Gen Oops, sorry, I forgot that the second time. Should I run GMER again afterwards? Or does the one have nothing to do with the other? |
10.07.2012, 18:23 | #29 |
/// Selecta Jahrusso | TR/ Agent.Gen No, leave GMER alone for now. Hopefully this already sheds some light on things.
10.07.2012, 18:26 | #30 |
| TR/ Agent.Gen OTL log file: Code:
ATTFilter OTL logfile created on: 10.07.2012 19:24:18 - Run 4 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\HOLGER\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 71,56% Memory free 6,50 Gb Paging File | 5,51 Gb Available in Paging File | 84,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 819,85 Gb Free Space | 90,05% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 450,07 Gb Free Space | 96,63% Space Free | Partition Type: NTFS Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.09 20:51:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.com PRC - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 06:16:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeecoms.exe PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.09 06:16:53 | 
000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeecoms.exe -- (lxee_device) SRV - [2010.04.14 16:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) 
[Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HOLGER\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.05.09 06:16:53 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 06:16:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf) DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) 
[File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Nachrichten - Service - Shopping bei t-online.de [binary data] IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 
IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\SearchScopes\{8B1196D5-0608-4457-99D6-954CD28EA96A}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\SearchScopes\{908FAB45-330E-4808-875D-8B7EA2DFD6F5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\SearchScopes\{924FA814-6FC3-40E2-8355-8E8E93F200B5}: "URL" = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\SearchScopes\{984A2770-6C96-44C8-B170-A4DDEF742AD9}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={sear chTerms} IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\SearchScopes\{AD2BDD94-CEBA-493B-9B79-99C956660F09}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= 
interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742 IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0} IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Plasmoo" FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HOLGER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 20:09:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 06:05:46 | 000,000,000 | ---D | M] [2012.04.11 11:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Extensions [2012.06.04 06:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions [2012.05.24 21:25:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.04.11 11:52:38 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.06.06 20:38:22 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2011.06.06 20:38:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\engine@plasmoo.com [2012.04.11 11:56:03 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\software@loadtubes.com [2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\conduit.xml [2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- 
C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\plasmoo.xml [2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\Search_Results.xml [2012.06.04 06:43:20 | 000,003,915 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\sweetim.xml [2012.06.18 20:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.04 06:43:18 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\HOLGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3U9OSS91.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.04 22:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - 
default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012.07.09 15:07:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) 
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-3655861120-308642264-2925887876-1000..\Run: [Facebook Update] C:\Users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655861120-308642264-2925887876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3752C415-0AD3-4D70-88DD-5C627777D71D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.05 16:57:06 | 000,000,120 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.09 20:51:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.com
[2012.07.09 15:25:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.09 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Local\temp
[2012.07.04 18:16:19 | 004,573,972 | R--- | C] (Swearware) -- C:\Users\HOLGER\Desktop\ComboFix.com
[2012.07.04 09:50:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.04 09:39:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.02 14:29:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.02 14:29:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.02 14:29:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.02 14:29:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.01 20:41:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\HOLGER\Desktop\aswMBR.exe
[2012.06.30 22:20:39 | 002,134,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HOLGER\Desktop\tdsskiller.exe
[2012.06.27 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Roaming\Malwarebytes
[2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.27 19:24:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.27 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.27 09:44:54 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Local\Apps
[2012.06.27 09:36:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.24 20:54:18 | 002,347,224 | ---- | C] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe
[2012.06.24 20:52:43 | 005,837,544 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe
[2012.06.24 15:42:34 | 000,739,840 | ---- | C] (Google Inc.) -- C:\Users\HOLGER\Documents\ChromeSetup.exe
[2012.06.24 10:53:07 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2012.06.24 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012.06.22 06:09:49 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.22 06:09:48 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.22 06:09:21 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.22 06:09:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.22 06:09:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.22 06:09:07 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.22 06:09:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.19 06:13:22 | 003,961,792 | ---- | C] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe
[2012.06.18 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.18 20:08:34 | 016,420,744 | ---- | C] (Mozilla) -- C:\Users\HOLGER\Documents\Firefox%20Setup%2013.0.1.exe
[2012.06.13 19:48:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.13 19:48:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.13 19:48:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.13 19:48:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.13 19:47:59 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.13 19:47:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.13 19:47:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.13 17:48:08 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.13 17:48:08 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.13 17:48:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.13 17:48:07 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.12 14:54:17 | 000,000,000 | --SD | C] -- C:\Users\HOLGER\Documents\Meine Datenquellen
[2012.06.11 12:19:12 | 009,120,256 | ---- | C] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.10 19:29:13 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 19:29:13 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 19:26:52 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.10 19:26:52 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.10 19:26:52 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.10 19:26:52 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.10 19:21:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 19:21:40 | 2616,643,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.10 16:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job
[2012.07.10 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job
[2012.07.09 22:33:35 | 000,302,592 | ---- | M] () -- C:\Users\HOLGER\Desktop\19kliqzp.com
[2012.07.09 20:51:19 | 003,961,792 | ---- | M] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe
[2012.07.09 20:51:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.com
[2012.07.09 15:07:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.07.09 14:56:17 | 004,573,972 | R--- | M] (Swearware) -- C:\Users\HOLGER\Desktop\ComboFix.com
[2012.07.05 17:21:15 | 000,213,137 | ---- | M] () -- C:\Users\HOLGER\Desktop\andruck.pdf
[2012.07.05 17:05:42 | 000,294,400 | ---- | M] () -- C:\Users\HOLGER\Desktop\exeHelper.com
[2012.07.01 22:11:34 | 330,985,728 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.01 22:04:15 | 000,000,512 | ---- | M] () -- C:\Users\HOLGER\Desktop\MBR.dat
[2012.07.01 20:41:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\HOLGER\Desktop\aswMBR.exe
[2012.06.30 22:20:43 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HOLGER\Desktop\tdsskiller.exe
[2012.06.28 07:52:06 | 000,000,000 | ---- | M] () -- C:\Users\HOLGER\defogger_reenable
[2012.06.28 07:50:08 | 000,050,477 | ---- | M] () -- C:\Users\HOLGER\Desktop\Defogger.exe
[2012.06.27 19:24:51 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 09:36:25 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.24 20:54:19 | 002,347,224 | ---- | M] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe
[2012.06.24 20:52:56 | 005,837,544 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe
[2012.06.24 15:42:58 | 000,739,840 | ---- | M] (Google Inc.) -- C:\Users\HOLGER\Documents\ChromeSetup.exe
[2012.06.24 15:36:04 | 077,711,976 | ---- | M] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe
[2012.06.21 16:59:05 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\BauFaktura.lnk
[2012.06.19 17:49:17 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.06.18 22:48:49 | 000,002,104 | ---- | M] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk
[2012.06.18 22:43:04 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk
[2012.06.18 22:39:40 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk
[2012.06.18 20:08:45 | 016,420,744 | ---- | M] (Mozilla) -- C:\Users\HOLGER\Documents\Firefox%20Setup%2013.0.1.exe
[2012.06.14 06:45:15 | 000,506,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.11 21:56:30 | 000,074,340 | ---- | M] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf
[2012.06.11 12:19:12 | 009,120,256 | ---- | M] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.09 22:33:34 | 000,302,592 | ---- | C] () -- C:\Users\HOLGER\Desktop\19kliqzp.com
[2012.07.05 17:21:14 | 000,213,137 | ---- | C] () -- C:\Users\HOLGER\Desktop\andruck.pdf
[2012.07.05 17:05:40 | 000,294,400 | ---- | C] () -- C:\Users\HOLGER\Desktop\exeHelper.com
[2012.07.02 14:29:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.02 14:29:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.02 14:29:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.02 14:29:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.02 14:29:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.01 21:39:45 | 000,000,512 | ---- | C] () -- C:\Users\HOLGER\Desktop\MBR.dat
[2012.06.28 07:52:06 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\defogger_reenable
[2012.06.28 07:50:08 | 000,050,477 | ---- | C] () -- C:\Users\HOLGER\Desktop\Defogger.exe
[2012.06.27 19:24:51 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 15:35:33 | 077,711,976 | ---- | C] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe
[2012.06.18 22:54:24 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk
[2012.06.18 22:48:49 | 000,002,104 | ---- | C] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk
[2012.06.18 22:39:40 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk
[2012.06.18 20:09:22 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.11 21:56:59 | 000,074,340 | ---- | C] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf
[2012.01.05 09:46:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.01.05 09:35:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.08.23 16:29:05 | 000,455,254 | ---- | C] () -- C:\Users\HOLGER\Messung GC-Compagnie 22.08.2011.pdf
[2011.06.28 18:33:28 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.18 22:21:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
[2011.02.02 09:36:25 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\AppData\Roaming\wklnhst.dat
[2011.01.12 12:33:12 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeecoin.dll
[2011.01.12 12:33:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeegcfg.dll
[2011.01.12 12:33:06 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeecui.dll
[2010.12.12 14:59:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeevs.dll
[2010.12.12 14:58:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeecuir.dll
[2010.12.12 14:48:22 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxeerwrd.ini
[2010.12.12 14:47:57 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEEinst.dll
[2010.12.12 14:47:55 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEEhcp.dll
[2010.12.12 14:47:54 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeeinpa.dll
[2010.12.12 14:47:54 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeeiesc.dll
[2010.12.12 14:47:53 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeeusb1.dll
[2010.12.12 14:47:50 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeeserv.dll
[2010.12.12 14:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeepmui.dll
[2010.12.12 14:47:50 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeelmpm.dll
[2010.12.12 14:47:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeejswr.dll
[2010.12.12 14:47:48 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeeinsb.dll
[2010.12.12 14:47:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeeinsr.dll
[2010.12.12 14:47:47 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeeins.dll
[2010.12.12 14:47:46 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeeih.exe
[2010.12.12 14:47:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeehbn3.dll
[2010.12.12 14:47:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeegrd.dll
[2010.12.12 14:47:41 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeecu.dll
[2010.12.12 14:47:41 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeecub.dll
[2010.12.12 14:47:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeecur.dll
[2010.12.12 14:47:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeecoms.exe
[2010.12.12 14:47:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeecomm.dll
[2010.12.12 14:47:39 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeecomc.dll
[2010.12.12 14:47:39 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeecfg.exe
[2010.12.12 14:45:15 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEEsm.dll
[2010.12.12 14:45:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEEsmr.dll

< End of report >
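Added worked example (not code from OTL, the forum or the poster): a small Python triage over OTL hijack-point lines of the kind posted above. It applies the checks a malware-removal helper does by eye when reading such a log: the Winlogon Shell and UserInit values must resolve to the stock binaries, the exefile/comfile open command must be exactly `"%1" %*`, Run-key autostarts launched from user-writable paths and BHO/toolbar DLLs without version information are flagged for review, dead `File not found` references are listed for cleanup, and DHCP-assigned DNS servers outside the RFC 1918 ranges are reported. The expected Winlogon paths assume a 32-bit Windows 7 under `C:\Windows`. The sample lines are partly copied from the log above; the three marked as constructed are not from the thread and exist only to show what a redirected UserInit, a hijacked exefile command and a foreign DNS server look like in this format.

```python
"""Triage of OTL (OldTimer's List-It) hijack-point lines (O2/O3/O4/O17/O20/O35/O37).

Added example, not part of OTL or of the forum post.  Sample lines are partly
copied from the posted log and partly constructed (marked below).
"""
import ipaddress
import re

# Stock Winlogon values (assumption: 32-bit Windows 7 installed under C:\Windows).
EXPECTED_WINLOGON = {
    "Shell": r"c:\windows\explorer.exe",
    "UserInit": r"c:\windows\system32\userinit.exe",
}
# The shell-open command every stock exefile/comfile association carries.
STOCK_OPEN_CMD = '"%1" %*'
# Autostarts launched from these trees are user-writable and deserve a look.
USER_WRITABLE = re.compile(r"\\(users|programdata|temp)\\", re.I)
# A home router hands out a LAN address; anything else needs to be explained.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

RE_O4 = re.compile(r"^O4 - \S+\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
RE_O2O3 = re.compile(r"^O[23] - .*?: \((?P<name>[^)]*)\) - \{[^}]+\} - (?P<path>.+?) \((?P<company>[^)]*)\)$")
RE_O20 = re.compile(r"^O20 - HKLM Winlogon: (?P<value>\w+) - \([^)]*\) - (?P<path>.+?) \((?P<company>[^)]*)\)$")
RE_ASSOC = re.compile(r"^O3[57] - HKLM\\\.{2,3}(?P<ext>\w+) \[[^\]]*\] -- (?P<cmd>.+)$")
RE_O17 = re.compile(r"^O17 - .*DhcpNameServer = (?P<ips>.+)$")


def triage(lines):
    """Return (severity, reason, line) tuples for every line that deserves attention."""
    findings = []
    for line in (raw.strip() for raw in lines):
        if not line:
            continue
        if line.endswith("File not found"):
            # The registry still points at something that is gone: clean-up material.
            findings.append(("info", "orphaned entry, target file missing", line))
        elif m := RE_O20.match(line):
            expected = EXPECTED_WINLOGON.get(m["value"])
            if expected and m["path"].lower() != expected:
                # Runs at every logon before the desktop appears: classic persistence spot.
                findings.append(("high", f"Winlogon {m['value']} redirected to {m['path']}", line))
        elif m := RE_ASSOC.match(line):
            if m["cmd"].strip() != STOCK_OPEN_CMD:
                # A changed open command runs the hijacker each time any .exe/.com starts.
                findings.append(("high", f"{m['ext']} open command hijacked: {m['cmd']}", line))
        elif m := RE_O4.match(line):
            if USER_WRITABLE.search(m["path"]):
                findings.append(("medium", "autostart from user-writable location", line))
            elif not m["company"].strip():
                findings.append(("low", "autostart binary carries no version info", line))
        elif m := RE_O2O3.match(line):
            if not m["company"].strip():
                findings.append(("low", "BHO/toolbar DLL carries no version info", line))
        elif m := RE_O17.match(line):
            for ip in m["ips"].split():
                addr = ipaddress.ip_address(ip)
                if not any(addr in net for net in RFC1918):
                    findings.append(("medium", f"DNS server {ip} is not on a private LAN range", line))
    return findings


def summarize(findings):
    """Count findings per severity for a first glance before reading each line."""
    counts = {"high": 0, "medium": 0, "low": 0, "info": 0}
    for severity, _, _ in findings:
        counts[severity] += 1
    return counts


SAMPLE_LINES = [
    # Copied from the OTL log posted in this thread.
    r"O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()",
    r"O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)",
    r"O4 - HKU\S-1-5-21-3655861120-308642264-2925887876-1000..\Run: [Facebook Update] C:\Users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    # Constructed (not from the thread): what a hijacked machine would show here.
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\Users\HOLGER\AppData\Roaming\wlinit.exe) - C:\Users\HOLGER\AppData\Roaming\wlinit.exe ()",
    r'O35 - HKLM\..exefile [open] -- "C:\Users\HOLGER\AppData\Local\hijack.exe" "%1" %*',
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3752C415-0AD3-4D70-88DD-5C627777D71D}: DhcpNameServer = 203.0.113.5",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for severity, reason, line in found:
        print(f"[{severity:6}] {reason}\n         {line}")
    print(summarize(found))
```

On the ten lines taken from the log the script reports only one medium (the Facebook updater starting from the user profile), one low (the Lexmark BHO without version info) and one info (the dangling VMApplet entry); the two high findings come from the constructed lines. Missing version info and a user-profile autostart are review hints, not verdicts: printer helpers and per-user updaters look exactly like this, which is why the helper in the thread cross-checks suspicious files with MBR, rootkit and on-demand scanners rather than deleting on sight.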