Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/ Agent.Gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.06.2012, 06:38   #1
murmeltiermu
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



Guten Morgen,

nach einem plötzlichen verschwinden aller Programmsymbole auf dem Desktop welche dann einfach als weiße Seiten wieder aufgetaucht sind, waren alle Verknüpfungen verschwunden. Alle Programme lassen sich wenn überhaupt nur noch über sehr umständliche Wege starten, denn beim direkten anklicken der Dateien, also auch der exe Dateien,kommt immer sofort das "Öffnen mit" Fenster.

Avira hat nichts gemeldet und erst nach der Malware suche kam der Fund TR/Agent.Gen

hier das Log


Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
HOLGER :: HOLGER-PC [Administrator]

Schutz: Deaktiviert

27.06.2012 19:35:33
mbam-log-2012-06-27 (19-35-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 964311
Laufzeit: 7 Stunde(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\HOLGER\M-1-25-5432-6437-5685 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


schon mal Danke für die Hilfe

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.06.2012 08:28:13 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\HOLGER\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,86% Memory free
6,50 Gb Paging File | 5,46 Gb Available in Paging File | 83,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 823,28 Gb Free Space | 90,43% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,96% Space Free | Partition Type: FAT32
 
Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe
PRC - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 06:16:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeecoms.exe
PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeecoms.exe -- (lxee_device)
SRV - [2010.04.14 16:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.09 06:16:53 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 06:16:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = t-online.de - IE 8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Nachrichten - Service - Shopping bei t-online.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Nachrichten - Service - Shopping bei t-online.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B1196D5-0608-4457-99D6-954CD28EA96A}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKCU\..\SearchScopes\{908FAB45-330E-4808-875D-8B7EA2DFD6F5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{924FA814-6FC3-40E2-8355-8E8E93F200B5}: "URL" = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKCU\..\SearchScopes\{984A2770-6C96-44C8-B170-A4DDEF742AD9}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={sear chTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD2BDD94-CEBA-493B-9B79-99C956660F09}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Plasmoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HOLGER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 20:09:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 06:05:46 | 000,000,000 | ---D | M]
 
[2012.04.11 11:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Extensions
[2012.06.04 06:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions
[2012.05.24 21:25:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.04.11 11:52:38 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.06 20:38:22 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.06.06 20:38:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\engine@plasmoo.com
[2012.04.11 11:56:03 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\software@loadtubes.com
[2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\plasmoo.xml
[2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\Search_Results.xml
[2012.06.04 06:43:20 | 000,003,915 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\sweetim.xml
[2012.06.18 20:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.04 06:43:18 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\HOLGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3U9OSS91.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.04 22:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\HOLGER\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3752C415-0AD3-4D70-88DD-5C627777D71D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.28 07:54:13 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe
[2012.06.27 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Roaming\Malwarebytes
[2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.27 19:24:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.27 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.27 09:44:54 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Local\Apps
[2012.06.27 09:36:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.24 20:54:18 | 002,347,224 | ---- | C] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe
[2012.06.24 20:52:43 | 005,837,544 | ---- | C] (Uniblue Systems Ltd                                         ) -- C:\Users\HOLGER\Documents\speedupmypc.exe
[2012.06.24 10:53:07 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2012.06.24 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012.06.19 06:13:22 | 000,989,584 | ---- | C] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe
[2012.06.18 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.12 14:54:17 | 000,000,000 | --SD | C] -- C:\Users\HOLGER\Documents\Meine Datenquellen
[2012.06.11 12:19:12 | 009,120,256 | ---- | C] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe
[2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 08:30:24 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.28 08:30:24 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.28 08:30:24 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.28 08:30:24 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.28 08:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 08:23:58 | 2616,643,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe
[2012.06.28 07:52:06 | 000,000,000 | ---- | M] () -- C:\Users\HOLGER\defogger_reenable
[2012.06.28 07:50:08 | 000,050,477 | ---- | M] () -- C:\Users\HOLGER\Desktop\Defogger.exe
[2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job
[2012.06.27 19:24:51 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job
[2012.06.27 09:36:25 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.24 20:54:19 | 002,347,224 | ---- | M] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe
[2012.06.24 20:52:56 | 005,837,544 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\HOLGER\Documents\speedupmypc.exe
[2012.06.24 15:36:04 | 077,711,976 | ---- | M] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe
[2012.06.21 16:59:05 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\BauFaktura.lnk
[2012.06.20 07:57:47 | 000,989,584 | ---- | M] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe
[2012.06.19 17:49:17 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.06.18 22:48:49 | 000,002,104 | ---- | M] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk
[2012.06.18 22:43:04 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk
[2012.06.18 22:39:40 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk
[2012.06.14 06:45:15 | 000,506,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.11 21:56:30 | 000,074,340 | ---- | M] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf
[2012.06.11 12:19:12 | 009,120,256 | ---- | M] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe
[2012.06.04 07:05:46 | 000,061,523 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf
[2012.05.31 18:11:56 | 000,077,829 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf
[2012.05.31 17:42:50 | 000,005,556 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf
[2012.05.30 14:02:48 | 000,048,016 | ---- | M] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf
[2012.05.30 13:59:30 | 000,062,635 | ---- | M] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.28 07:52:06 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\defogger_reenable
[2012.06.28 07:50:08 | 000,050,477 | ---- | C] () -- C:\Users\HOLGER\Desktop\Defogger.exe
[2012.06.27 19:24:51 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 15:35:33 | 077,711,976 | ---- | C] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe
[2012.06.18 22:54:24 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk
[2012.06.18 22:48:49 | 000,002,104 | ---- | C] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk
[2012.06.18 22:39:40 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk
[2012.06.18 20:09:22 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.11 21:56:59 | 000,074,340 | ---- | C] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf
[2012.06.04 07:06:06 | 000,061,523 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf
[2012.05.31 18:12:19 | 000,077,829 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf
[2012.05.31 17:44:09 | 000,005,556 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf
[2012.05.30 14:03:11 | 000,048,016 | ---- | C] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf
[2012.05.30 14:00:01 | 000,062,635 | ---- | C] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf
[2012.01.05 09:46:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.01.05 09:35:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.08.23 16:29:05 | 000,455,254 | ---- | C] () -- C:\Users\HOLGER\Messung GC-Compagnie 22.08.2011.pdf
[2011.06.28 18:33:28 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.18 22:21:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
[2011.02.02 09:36:25 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\AppData\Roaming\wklnhst.dat
[2011.01.12 12:33:12 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeecoin.dll
[2011.01.12 12:33:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeegcfg.dll
[2011.01.12 12:33:06 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeecui.dll
[2010.12.12 14:59:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeevs.dll
[2010.12.12 14:58:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeecuir.dll
[2010.12.12 14:48:22 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxeerwrd.ini
[2010.12.12 14:47:57 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEEinst.dll
[2010.12.12 14:47:55 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEEhcp.dll
[2010.12.12 14:47:54 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeeinpa.dll
[2010.12.12 14:47:54 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeeiesc.dll
[2010.12.12 14:47:53 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeeusb1.dll
[2010.12.12 14:47:50 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeeserv.dll
[2010.12.12 14:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeepmui.dll
[2010.12.12 14:47:50 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeelmpm.dll
[2010.12.12 14:47:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeejswr.dll
[2010.12.12 14:47:48 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeeinsb.dll
[2010.12.12 14:47:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeeinsr.dll
[2010.12.12 14:47:47 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeeins.dll
[2010.12.12 14:47:46 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeeih.exe
[2010.12.12 14:47:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeehbn3.dll
[2010.12.12 14:47:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeegrd.dll
[2010.12.12 14:47:41 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeecu.dll
[2010.12.12 14:47:41 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeecub.dll
[2010.12.12 14:47:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeecur.dll
[2010.12.12 14:47:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeecoms.exe
[2010.12.12 14:47:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeecomm.dll
[2010.12.12 14:47:39 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeecomc.dll
[2010.12.12 14:47:39 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeecfg.exe
[2010.12.12 14:45:15 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEEsm.dll
[2010.12.12 14:45:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEEsmr.dll
 
========== LOP Check ==========
 
[2012.06.15 06:40:15 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\DVDVideoSoft
[2012.04.11 11:56:03 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\loadtbs
[2011.02.12 09:05:42 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\MAGIX
[2012.05.24 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenCandy
[2010.12.22 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenOffice.org
[2012.01.23 21:01:27 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Opera
[2012.01.18 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\PowerCinema
[2012.01.05 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Samsung
[2011.01.22 09:50:18 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Software Inspection Library
[2011.01.12 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\T-Online
[2012.05.24 21:26:04 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\TuneUp Software
[2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job
[2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job
[2012.05.01 18:42:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.06.2012 08:28:13 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\HOLGER\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,86% Memory free
6,50 Gb Paging File | 5,46 Gb Available in Paging File | 83,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 823,28 Gb Free Space | 90,43% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,96% Space Free | Partition Type: FAT32
 
Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe
PRC - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 06:16:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeecoms.exe
PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeecoms.exe -- (lxee_device)
SRV - [2010.04.14 16:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.09 06:16:53 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 06:16:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = t-online.de - IE 8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Nachrichten - Service - Shopping bei t-online.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Nachrichten - Service - Shopping bei t-online.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B1196D5-0608-4457-99D6-954CD28EA96A}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKCU\..\SearchScopes\{908FAB45-330E-4808-875D-8B7EA2DFD6F5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{924FA814-6FC3-40E2-8355-8E8E93F200B5}: "URL" = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKCU\..\SearchScopes\{984A2770-6C96-44C8-B170-A4DDEF742AD9}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={sear chTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD2BDD94-CEBA-493B-9B79-99C956660F09}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Plasmoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HOLGER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 20:09:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 06:05:46 | 000,000,000 | ---D | M]
 
[2012.04.11 11:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Extensions
[2012.06.04 06:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions
[2012.05.24 21:25:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.04.11 11:52:38 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.06 20:38:22 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.06.06 20:38:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\engine@plasmoo.com
[2012.04.11 11:56:03 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\software@loadtubes.com
[2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\plasmoo.xml
[2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\Search_Results.xml
[2012.06.04 06:43:20 | 000,003,915 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\sweetim.xml
[2012.06.18 20:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.04 06:43:18 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\HOLGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3U9OSS91.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.04 22:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\HOLGER\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3752C415-0AD3-4D70-88DD-5C627777D71D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.28 07:54:13 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe
[2012.06.27 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Roaming\Malwarebytes
[2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.27 19:24:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.27 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.27 09:44:54 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Local\Apps
[2012.06.27 09:36:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.24 20:54:18 | 002,347,224 | ---- | C] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe
[2012.06.24 20:52:43 | 005,837,544 | ---- | C] (Uniblue Systems Ltd                                         ) -- C:\Users\HOLGER\Documents\speedupmypc.exe
[2012.06.24 10:53:07 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2012.06.24 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012.06.19 06:13:22 | 000,989,584 | ---- | C] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe
[2012.06.18 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.12 14:54:17 | 000,000,000 | --SD | C] -- C:\Users\HOLGER\Documents\Meine Datenquellen
[2012.06.11 12:19:12 | 009,120,256 | ---- | C] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe
[2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 08:30:24 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.28 08:30:24 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.28 08:30:24 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.28 08:30:24 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.28 08:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 08:23:58 | 2616,643,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe
[2012.06.28 07:52:06 | 000,000,000 | ---- | M] () -- C:\Users\HOLGER\defogger_reenable
[2012.06.28 07:50:08 | 000,050,477 | ---- | M] () -- C:\Users\HOLGER\Desktop\Defogger.exe
[2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job
[2012.06.27 19:24:51 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job
[2012.06.27 09:36:25 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.24 20:54:19 | 002,347,224 | ---- | M] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe
[2012.06.24 20:52:56 | 005,837,544 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\HOLGER\Documents\speedupmypc.exe
[2012.06.24 15:36:04 | 077,711,976 | ---- | M] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe
[2012.06.21 16:59:05 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\BauFaktura.lnk
[2012.06.20 07:57:47 | 000,989,584 | ---- | M] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe
[2012.06.19 17:49:17 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.06.18 22:48:49 | 000,002,104 | ---- | M] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk
[2012.06.18 22:43:04 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk
[2012.06.18 22:39:40 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk
[2012.06.14 06:45:15 | 000,506,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.11 21:56:30 | 000,074,340 | ---- | M] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf
[2012.06.11 12:19:12 | 009,120,256 | ---- | M] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe
[2012.06.04 07:05:46 | 000,061,523 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf
[2012.05.31 18:11:56 | 000,077,829 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf
[2012.05.31 17:42:50 | 000,005,556 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf
[2012.05.30 14:02:48 | 000,048,016 | ---- | M] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf
[2012.05.30 13:59:30 | 000,062,635 | ---- | M] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.28 07:52:06 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\defogger_reenable
[2012.06.28 07:50:08 | 000,050,477 | ---- | C] () -- C:\Users\HOLGER\Desktop\Defogger.exe
[2012.06.27 19:24:51 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 15:35:33 | 077,711,976 | ---- | C] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe
[2012.06.18 22:54:24 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk
[2012.06.18 22:48:49 | 000,002,104 | ---- | C] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk
[2012.06.18 22:39:40 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk
[2012.06.18 20:09:22 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.11 21:56:59 | 000,074,340 | ---- | C] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf
[2012.06.04 07:06:06 | 000,061,523 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf
[2012.05.31 18:12:19 | 000,077,829 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf
[2012.05.31 17:44:09 | 000,005,556 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf
[2012.05.30 14:03:11 | 000,048,016 | ---- | C] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf
[2012.05.30 14:00:01 | 000,062,635 | ---- | C] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf
[2012.01.05 09:46:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.01.05 09:35:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.08.23 16:29:05 | 000,455,254 | ---- | C] () -- C:\Users\HOLGER\Messung GC-Compagnie 22.08.2011.pdf
[2011.06.28 18:33:28 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.18 22:21:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
[2011.02.02 09:36:25 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\AppData\Roaming\wklnhst.dat
[2011.01.12 12:33:12 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeecoin.dll
[2011.01.12 12:33:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeegcfg.dll
[2011.01.12 12:33:06 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeecui.dll
[2010.12.12 14:59:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeevs.dll
[2010.12.12 14:58:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeecuir.dll
[2010.12.12 14:48:22 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxeerwrd.ini
[2010.12.12 14:47:57 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEEinst.dll
[2010.12.12 14:47:55 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEEhcp.dll
[2010.12.12 14:47:54 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeeinpa.dll
[2010.12.12 14:47:54 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeeiesc.dll
[2010.12.12 14:47:53 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeeusb1.dll
[2010.12.12 14:47:50 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeeserv.dll
[2010.12.12 14:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeepmui.dll
[2010.12.12 14:47:50 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeelmpm.dll
[2010.12.12 14:47:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeejswr.dll
[2010.12.12 14:47:48 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeeinsb.dll
[2010.12.12 14:47:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeeinsr.dll
[2010.12.12 14:47:47 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeeins.dll
[2010.12.12 14:47:46 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeeih.exe
[2010.12.12 14:47:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeehbn3.dll
[2010.12.12 14:47:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeegrd.dll
[2010.12.12 14:47:41 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeecu.dll
[2010.12.12 14:47:41 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeecub.dll
[2010.12.12 14:47:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeecur.dll
[2010.12.12 14:47:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeecoms.exe
[2010.12.12 14:47:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeecomm.dll
[2010.12.12 14:47:39 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeecomc.dll
[2010.12.12 14:47:39 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeecfg.exe
[2010.12.12 14:45:15 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEEsm.dll
[2010.12.12 14:45:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEEsmr.dll
 
========== LOP Check ==========
 
[2012.06.15 06:40:15 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\DVDVideoSoft
[2012.04.11 11:56:03 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\loadtbs
[2011.02.12 09:05:42 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\MAGIX
[2012.05.24 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenCandy
[2010.12.22 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenOffice.org
[2012.01.23 21:01:27 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Opera
[2012.01.18 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\PowerCinema
[2012.01.05 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Samsung
[2011.01.22 09:50:18 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Software Inspection Library
[2011.01.12 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\T-Online
[2012.05.24 21:26:04 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\TuneUp Software
[2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job
[2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job
[2012.05.01 18:42:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.06.2012 07:58:17 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\HOLGER\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 60,99% Memory free
6,50 Gb Paging File | 5,16 Gb Available in Paging File | 79,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 823,25 Gb Free Space | 90,43% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,96% Space Free | Partition Type: FAT32
 
Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102AD012-B5FB-4B58-9DBA-55455FC62C83}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1312A125-55F0-48CF-BFEA-98ECE6B4E1F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B5EFB86-D2B6-472D-BFDE-0AA47E6DBB3D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2181C64B-0E29-4227-BAC3-6CDE6AA8CE7A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{277F9405-78C4-4A59-989D-6C9E38253257}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2C03E55E-C2C3-4AF9-96CF-0530E2ACA8B3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{37E3CCB5-FA68-442A-95B1-35E3FAE0B740}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3BB68256-C138-48B9-B1AF-351E28EE8F29}" = lport=137 | protocol=17 | dir=in | app=system | 
"{58B1CD6A-92A1-499A-B720-20DCE2E0E56F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{66A25583-1418-4605-9866-5B6E82710D5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68D39BC1-077C-4C66-BFFE-3C19311150D6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7DDDE052-B8C4-49AF-BC82-44E896C3D1DC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8347939E-DB13-41EF-89D8-37147128C7AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{89E67ECE-88AA-4672-AA45-9F0199CB1CD9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{90428154-8343-44C9-AA99-EF250DCCD7AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{93E36C12-F05E-426B-A79C-020AD991589D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9F39FD63-D4FB-40C1-AFEA-62531F756111}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A30B3F2D-EAA0-455A-B34C-FCAC7B2A3C80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD69A03C-0600-4378-83FD-9A282774207A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B65ECDE3-E39C-4EF8-B8F7-6BA0EE46A6B9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B6AD25A5-F960-4496-B100-D37847F7A584}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B9C64E12-185B-4D1B-B7BA-32A080055677}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C72FD472-19E1-4C24-A551-458278B16023}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C97D7619-F625-41F7-AAF7-3D233BBB90D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FB90E485-319E-4AD1-9332-F96AD59FF1F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01441A78-B876-420F-9B7B-F856A0201DCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{05A00F36-982A-4FCF-98F9-07AB46B5A27D}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dmp\clbrowserengine.exe | 
"{07B78EA8-79B2-4D13-B47A-2D52F4E75774}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe | 
"{090AF306-AB92-4519-8D53-726A3618AF38}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe | 
"{0C7DD1B5-43F2-435B-8182-A2D93E54E7A0}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe | 
"{0CD1D211-E2C1-455C-BDB9-CFA438F58C50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0F392924-9C41-470E-88B8-18AD04BDD189}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dms\clmsservice.exe | 
"{12B6E503-0365-4DE5-A5ED-161B82428641}" = dir=in | app=c:\windows\system32\lxeecoms.exe | 
"{15B07B33-2820-47E5-B9ED-5C9E93E7E2D0}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{18638D94-DFCD-4F34-880A-34DEE891BB32}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{1AC12CD9-C5B8-46E0-BE4B-8D942A975FC3}" = protocol=6 | dir=out | app=system | 
"{1DA86511-FF4F-42B6-91B1-9D9E222BDD34}" = dir=in | app=c:\windows\system32\lxeecoms.exe | 
"{1E949A2D-5259-4B3A-8840-BC9BCAC5CC91}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{25DBB59F-4793-4AE6-BEAB-734DE1390702}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{268B6A10-83E6-431A-BA93-6314C6809C0D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{287757B7-7E22-46BF-AC5B-6B4DD4C55EF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E50F481-F078-4242-A875-612E8D3B1021}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{304E2BB2-53E3-48AD-B674-A6FAE0A2D931}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3266F8C0-F91D-4C64-883B-D7F10359472D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{3561E84E-165E-46A6-96D1-1BC5D01E5F52}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{493844B1-16C9-4864-B0AC-D76967A88412}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5FF762CF-2E1B-4B06-B92C-FC556354FE9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{620A0425-E7E9-4392-BC6D-94E37862EB50}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{6F5CFFAF-ED12-4A0C-8A98-8395302553FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{907E5DF1-814B-436E-B3F7-7670A4FA3356}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe | 
"{935B86C9-FB1F-4995-BFA3-557FB0789EA6}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{94EE57A7-B6DC-48CE-BAAA-3373D98DAD1B}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | 
"{A73CB69C-E102-4051-B559-D309C915F701}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A744F1DA-F521-4A9D-9AEA-A6399BB08396}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB188F35-3027-4179-9A0B-A36154F89B93}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{ADFF21C4-C19B-4324-A623-A85F77963FD1}" = dir=in | app=c:\windows\system32\lxeecoms.exe | 
"{BA8C6F70-523F-44EA-B062-9D2EB5AA12CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C900648D-04A6-4E35-82FC-070B243B49D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CC9610FF-D89A-43CA-B5B0-99AA3618D79B}" = dir=in | app=c:\windows\system32\lxeecoms.exe | 
"{CD073175-34F2-4EB1-8A20-6BCD0BDF8B1C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CE005EFF-F84F-4E28-B2B6-5A119271C88D}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{D5B48266-8067-41F0-9B49-AD1EC3F58014}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA451386-4FA8-4BA0-913B-F5A36F6C6A40}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | 
"{DE4CA033-6A41-4D93-B985-C17CCA2222B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E05EB876-AE0C-4CED-A332-A8EEDB6FD06C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{E0FB310B-1593-4CAC-BCEF-F6F4F837E6B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E24B4645-1CBE-4E4D-94B1-994A2ED11C11}" = dir=in | app=c:\program files\cyberlink\youmemo\pcmservice.exe | 
"{E4AB10A9-ED2D-46FB-A658-0EBD3BB797DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EE095D71-4E6E-4001-B394-E085CDCCE8E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFAFF7EE-80CF-47D5-9CA5-77F04131F652}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{FA5E9BF7-86FB-403C-A3E9-A09AB75B1B9B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{FDBD2DFF-AE66-46BB-A7AF-E102379B7570}" = dir=in | app=c:\users\holger\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{FE440254-188F-4EDE-A514-552ED46BADA9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{82443CBA-A96C-454A-865D-23CAF5B30118}C:\baufaktura\huonkeraktualisierung.exe" = protocol=6 | dir=in | app=c:\baufaktura\huonkeraktualisierung.exe | 
"TCP Query User{D3276AC9-37C1-425C-8F6C-B39A8290B438}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{FC5EF1D3-9843-4C07-B7E2-EC73F7F412E8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{05D0C0AD-2096-4455-986D-945EFBDE2CB6}C:\baufaktura\huonkeraktualisierung.exe" = protocol=17 | dir=in | app=c:\baufaktura\huonkeraktualisierung.exe | 
"UDP Query User{BA532E81-41FB-4EBC-8D51-D018582C3267}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{CAB024C3-6887-4C12-9356-25F6624018EF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BF500AE-1A18-4FAB-98BB-9B2038ED528C}" = BauFaktura
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4183178B-4D4E-48A7-9257-454BA90A760E}" = SweetPacks Toolbar for Internet Explorer 4.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A0250B44-DF91-4B66-85AF-45FA5B5512FC}" = Internet Explorer
"{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA72867B-3964-4133-A8AE-D5EF9AC014DE}" = Anmeldevordruck 4.0
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"doPDF 6  printer_is1" = doPDF 6.2  printer
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ElcomPDF" = ElcomPDF
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"KONICA MINOLTA magicolor 2530DL" = KONICA MINOLTA magicolor 2530DL
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Searchqu Toolbar" = Searchqu Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2011 13:22:12 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 05.10.2011 12:46:38 | Computer Name = HOLGER-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lxeecoms.exe, Version: 9.2.33.0, 
Zeitstempel: 0x4b1ffc19  Name des fehlerhaften Moduls: lxeeserv.dll, Version: 9.2.33.0,
 Zeitstempel: 0x4b1ffdcd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0006bcd7  ID des fehlerhaften
 Prozesses: 0x928  Startzeit der fehlerhaften Anwendung: 0x01cc837e529eb340  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\lxeecoms.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\lxeeserv.dll  Berichtskennung: 9755bba0-ef71-11e0-bf81-406186c4de20
 
Error - 09.10.2011 13:00:02 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 16.10.2011 13:00:01 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 23.10.2011 13:00:01 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 01.11.2011 13:30:35 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 13
Description = 
 
Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 8193
Description = 
 
Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 13
Description = 
 
Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 07.05.2012 11:46:19 | Computer Name = HOLGER-PC | Source = MCUpdate | ID = 0
Description = 17:46:01 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
 404: Die angeforderte URL ist auf diesem Server nicht vorhanden.  )  
 
[ System Events ]
Error - 27.06.2012 13:23:54 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 27.06.2012 13:23:54 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 27.06.2012 13:23:54 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 27.06.2012 13:25:40 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 27.06.2012 13:30:08 | Computer Name = HOLGER-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.06.2012 13:30:08 | Computer Name = HOLGER-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.06.2012 13:30:08 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 27.06.2012 13:31:33 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxeeCATSCustConnectService erreicht.
 
Error - 27.06.2012 13:31:33 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 27.06.2012 13:32:40 | Computer Name = HOLGER-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

ich kann meinen Beitrag leider nicht editieren sonst würd ich den doppelpost rausnehmen

und aufgrund dieser exe auswahlgeschichte weiss ich auch nicht wie ich die programme als admin starten kann

Alt 30.06.2012, 03:54   #2
Larusso
/// Selecta Jahrusso
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen





Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  • Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
  • Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.
Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________

__________________

Alt 30.06.2012, 21:40   #3
murmeltiermu
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



hallo daniel

danke das du mir helfen möchtest

ich habe den tdss killer auf den desktop geladen kann ihn dann über die funktion öffnen mit ( und dann wieder auf die desktop datei zugreifend) starten aber er bringt mir sofort die fehlermeldung
Error
valid command line parameters:

und an dieser stelle kommen 16 fehlende pfade bzw. ordner

ich habe versucht einen bildschirmandruck zu machen kann aber ja das paint oder so nicht öffnen um die fehlermeldung zu speichern, da man den text nicht kopieren kann
__________________

Alt 01.07.2012, 17:46   #4
Larusso
/// Selecta Jahrusso
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 01.07.2012, 21:22   #5
murmeltiermu
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



Hallo Daniel

folgendes Problem

entweder der scan geht los und dann hängt sich irgendwann nach nicht allzulanger zeit das programm auf und es kommt der blaue Bildschirm mit
a problem has been detected and windows has been shut down....
Bad_Pool.Header


oder aber das Programm läuft bis zum scanpunkt
C/windows/assembly/GAL-MSIL/Micorsoft.Visualstudio.tools.applications

und dann hängt es sich auf und es kommt programm reagiert nicht programm beenden

nachdem ich es mehrmals versucht habe, habe ich einfach kurz vor dem Punkt wo es sich aufhängt mal das log gespeichert


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-01 22:01:30
-----------------------------
22:01:30.943 OS Version: Windows 6.1.7601 Service Pack 1
22:01:30.943 Number of processors: 2 586 0x170A
22:01:30.959 ComputerName: HOLGER-PC UserName: HOLGER
22:01:32.893 Initialize success
22:01:37.573 AVAST engine defs: 12070100
22:01:40.163 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
22:01:40.163 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
22:01:40.194 Disk 0 MBR read successfully
22:01:40.194 Disk 0 MBR scan
22:01:40.210 Disk 0 unknown MBR code
22:01:40.210 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:01:40.225 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 932262 MB offset 206848
22:01:40.256 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 1909479424
22:01:40.272 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
22:01:40.288 Disk 0 scanning sectors +1953521664
22:01:40.334 Disk 0 scanning C:\Windows\system32\drivers
22:01:51.176 Service scanning
22:02:08.321 Modules scanning
22:02:14.842 Disk 0 trace - called modules:
22:02:14.873 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
22:02:14.888 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8599c6a8]
22:02:14.888 3 CLASSPNP.SYS[837bf59e] -> nt!IofCallDriver -> [0x862bc890]
22:02:14.904 5 ACPI.sys[8bcc73d4] -> nt!IofCallDriver -> \Device\0000005c[0x8678c030]
22:02:17.057 AVAST engine scan C:\Windows
22:02:20.692 AVAST engine scan C:\Windows\system32
22:04:15.476 Disk 0 MBR has been saved successfully to "C:\Users\HOLGER\Desktop\MBR.dat"
22:04:15.476 The log file has been saved successfully to "C:\Users\HOLGER\Desktop\aswMBR.txt"




ich habe das ganze auch nach den Abstürzen mal im abgesicherten Modus versucht aber das hat leider trotzdem nicht geklappt


Alt 02.07.2012, 10:22   #6
Larusso
/// Selecta Jahrusso
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> TR/ Agent.Gen

Alt 02.07.2012, 13:30   #7
murmeltiermu
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



hallo daniel

nach dem start der combofix.exe ( wie immer über umwege) kommt ein blaues fenster worin steht

bitte warten combofix wird vorbereitet um ausgeführt zu werden
dann geht sofort ein fenster auf
CF script namensfehler : Hast du versucht CF Script auszuführen?
der name CF Script scheint nicht korrekt buchstabiert zu sein

bestätigen kann ich das dann nur mit OK

Alt 03.07.2012, 07:03   #8
Larusso
/// Selecta Jahrusso
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



Wenn du einen Rechtsklick auf die Combofix.exe machst, ist da Öffnen mit an erster Stelle und Fett geschrieben ?


Deaktiviere deine Anti Viren Software.

Drücke mal bitte die Windows + R Taste, kopiere folgendes in die Zeile und klicke auf OK.

"%userprofile%\desktop\Combofix.exe" /killall


Dies sollte Combofix starten.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 03.07.2012, 07:10   #9
murmeltiermu
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



wenn ich die rechte maustaste drücke dann kommt nur "öffne"
das öffne mit, bzw auch bei den anderen anwendungen öffne als admin gibt es da nicht

und bei der eingabe kommt anwendung nicht gefunden

Alt 03.07.2012, 07:13   #10
Larusso
/// Selecta Jahrusso
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



Combofix auf dem Desktop gespeichert ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 03.07.2012, 07:18   #11
murmeltiermu
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



das problem ist da wie schon oben beschrieben, ich muss bei allen exe dateien auf öffne gehen, dann geht das öffne mit fenster auf dann muss ich die exe nocheinmal suchen und darauf klicken erst dann gehen die programme auf, in diesem fall also nochmal über das öffne - öffne mit- durchsuchen, dann im menü wieder auf dem desktop auf die exe, erst dann läuft das programm .... aber eben leider nicht richtig

Alt 03.07.2012, 14:59   #12
Larusso
/// Selecta Jahrusso
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



Windows-Explorer öffnen (Windows-Taste + E) und unter => Extras => Ordneroptionen => im Reiter "Ansicht"
  • Dateien und Ordner: Erweiterungen bei bekannten Dateitypen ausblenden deaktivieren
  • Dateien und Ordner: Geschützte Systemdateien ausblenden (empfohlen) deaktivieren
  • Dateien und Ordner: Inhalte von Systemordnern anzeigen aktivieren (bei Vista nicht vorhanden)
  • Versteckte Dateien und Ordner: alle Dateien und Ordner anzeigen aktivieren




Benenne die Combofix.exe in Combofix.com um und versuch sie mal zu starten.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 04.07.2012, 09:15   #13
murmeltiermu
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



juhu es hat geklappt :-)


Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-02.01 - HOLGER 04.07.2012   9:42.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3327.2211 [GMT 2:00]
ausgeführt von:: c:\users\HOLGER\Desktop\ComboFix.com
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL5293.tmp
c:\users\HOLGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Silverlight.exe
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-04 bis 2012-07-04  ))))))))))))))))))))))))))))))
.
.
2012-07-04 07:50 . 2012-07-04 07:51	--------	d-----w-	c:\users\HOLGER\AppData\Local\temp
2012-07-04 07:50 . 2012-07-04 07:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-04 06:37 . 2012-07-04 06:37	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{71CD26B0-6163-491D-84CC-A902EE13FB18}\offreg.dll
2012-07-03 09:14 . 2012-05-31 03:41	6762896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{71CD26B0-6163-491D-84CC-A902EE13FB18}\mpengine.dll
2012-06-27 17:24 . 2012-06-27 17:24	--------	d-----w-	c:\users\HOLGER\AppData\Roaming\Malwarebytes
2012-06-27 17:24 . 2012-06-27 17:24	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-27 17:24 . 2012-06-27 17:24	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-27 17:24 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-27 07:44 . 2012-06-27 07:44	--------	d-----w-	c:\users\HOLGER\AppData\Local\Apps
2012-06-24 08:53 . 2009-06-30 08:37	28552	----a-w-	c:\windows\system32\drivers\pavboot.sys
2012-06-24 08:53 . 2012-06-24 08:53	--------	d-----w-	c:\program files\Panda Security
2012-06-22 04:09 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-22 04:09 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-22 04:09 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-22 04:09 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-22 04:09 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-22 04:09 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-22 04:09 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-22 04:09 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-22 04:09 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-13 17:48 . 2012-05-17 23:21	140920	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-06-13 17:48 . 2012-05-17 22:24	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-13 17:48 . 2012-05-17 22:31	194560	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 17:48 . 2012-05-17 22:31	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-06-13 17:48 . 2012-05-17 22:35	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-06-13 17:48 . 2012-05-17 22:29	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-13 17:47 . 2012-05-17 23:21	748664	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2012-06-13 17:47 . 2012-05-17 22:45	1800192	----a-w-	c:\windows\system32\jscript9.dll
2012-06-13 17:47 . 2012-05-17 22:37	387584	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2012-06-13 17:47 . 2012-05-17 22:38	678912	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-06-13 17:47 . 2012-05-17 22:35	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-13 15:48 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:48 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-13 15:48 . 2012-05-01 04:44	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-06-13 15:48 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 15:48 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 15:48 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-13 15:48 . 2012-05-15 01:05	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 15:47 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 15:47 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 15:47 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 04:16 . 2012-03-13 06:30	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-09 04:16 . 2012-03-13 06:30	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-04-19 18:05 . 2010-12-21 18:40	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-14 22:19 . 2012-06-18 18:09	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49	176936	----a-w-	c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-04-24 12:24	1310000	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\HOLGER\AppData\Roaming\loadtbs\toolbar.dll" [2012-02-15 640000]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Facebook Update"="c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-23 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-10 7866912]
"lxeemon.exe"="c:\program files\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files\Lexmark Pro700 Series\ezprint.exe" [2009-10-01 139944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Backup	REG_MULTI_SZ   	BsBackup
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job
- c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 08:40]
.
2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job
- c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 08:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Plasmoo
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
SafeBoot-BsScanner
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-04  10:09:38
ComboFix-quarantined-files.txt  2012-07-04 08:09
.
Vor Suchlauf: 11 Verzeichnis(se), 880.867.274.752 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 881.017.188.352 Bytes frei
.
- - End Of File - - F77EA70F0E50383F38393ABF5B4173D7
         
--- --- ---

Alt 04.07.2012, 16:30   #14
Larusso
/// Selecta Jahrusso
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:
ATTFilter
FireFox::
FF - ProfilePath - c:\users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Plasmoo
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
ClearJavaCache::
         
Speichere dies als CFScript.txt auf deinem Desktop.
Wichtig:
  • Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern. Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher, dass ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.


  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 04.07.2012, 17:13   #15
murmeltiermu
 
TR/ Agent.Gen - Standard

TR/ Agent.Gen



auf diese art kann ich notepad nicht öffnen da kommt anwendung nicht gefunden

kann ich das über den editor auf dem weg öffne mit....
machen oder ist das dann ein falsches format?


ok blödsinn ist ja die selbe anwendung

ok nächstes problem

ich kann den text nicht IN die exe. ziehen die beiden tauschen nur den platz, kann das daran liegen dass ich die exe ja wieder über das öffnen mit.. fenster aktivieren muss? muss/kann ich die combofix exe. wieder in com umbenennen?

Antwort

Themen zu TR/ Agent.Gen
administrator, anti-malware, autostart, bandoo, bingbar, conduit, dateien, dateisystem, desktop, document, exe, explorer, firefox 13.0.1, fund, gelöscht, google earth, heuristiks/extra, heuristiks/shuriken, iminent, iminent toolbar, index, install.exe, klicke, limited.com/facebook, log, malware, microsoft office word, msiexec.exe, nichts, plug-in, programme, programmsymbole, quarantäne, searchqu toolbar, searchscopes, seite, seiten, service, speicher, starten, suche, sweetpacks, test, trojan.agent.ge, version, version=1.0, weiße seite




Ähnliche Themen: TR/ Agent.Gen


  1. Avira Funde: TR/Spy.Agent.1246416 und TR/Spy.Agent.1793892
    Plagegeister aller Art und deren Bekämpfung - 09.10.2015 (17)
  2. Sefnit-HU, Agent-ASEB, Agent-ARQX von Avast gefunden...
    Plagegeister aller Art und deren Bekämpfung - 20.11.2013 (23)
  3. Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun?
    Log-Analyse und Auswertung - 05.03.2013 (18)
  4. Antivir findet ADWARE/Agent.Gaba.peg und TR/Agent.370144
    Log-Analyse und Auswertung - 09.07.2012 (5)
  5. TR/Agent.379392.F, TR/Drop.Agent.dil, TR/Crypt.ZPACK.Gen2 bei AntiVir gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.12.2011 (43)
  6. mehrere Trojaner gefunden: Spy.Agent.OGS, Spy.Banker.Gen2, Graftor.9201.6, Agent.237568.6
    Log-Analyse und Auswertung - 20.12.2011 (23)
  7. pc friert ein- malware (TR/Spy.Zbot, TR/Agent.282624.k , BDS.Hupigon, JS/Agent.30510, )
    Plagegeister aller Art und deren Bekämpfung - 07.03.2011 (3)
  8. Trojanische Pferde (3) mit AVIRA gefunden: TR/Agent.ccg TR/Dropper.Gen TR/Agent.98816.14.B
    Plagegeister aller Art und deren Bekämpfung - 27.10.2010 (21)
  9. offenes system? TR/Agent.bfpp HTML/Ydergda.B TR/Riner.ZK TR/Riern.H.7 JAVA/Agent.BH
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (1)
  10. RKIT/agent.biiu, TR/agent.ruo, TR/Crypt.ZPACK.Gen alle guten Dinge sind drei hahahaha
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (25)
  11. TR/Dldr.MSIL.Agent.ON - TR/Agent.204800.BH - noch mehr?
    Plagegeister aller Art und deren Bekämpfung - 09.07.2010 (29)
  12. Verseuchter Rechner mit TR/Click.Agent.AC, TR/Dlder.Mediket.A, ADSPY/Agent.L usw.
    Plagegeister aller Art und deren Bekämpfung - 08.07.2010 (23)
  13. Trojanerr Epidemie- Agent.AN260, 261, 262, Agent.dyur, Bubnix.S
    Plagegeister aller Art und deren Bekämpfung - 20.05.2010 (25)
  14. TR/Agent.RUO.3 in der Datei 'C:\Windows\System32\wineon.dll' und DR/Agent.ruo ...
    Plagegeister aller Art und deren Bekämpfung - 13.04.2010 (6)
  15. 5 Trojaner ( u.a. TR/Agent.25600.24, TR/Agent.38400.6...) + Rootkit
    Plagegeister aller Art und deren Bekämpfung - 01.03.2010 (1)
  16. BDS/Agent.rfw ; BDS/Agent.rfv ; TR/Agent.wyn ; TR/Dldr.FraudLoad.vbxt
    Log-Analyse und Auswertung - 13.10.2009 (1)
  17. 3 Trojaner: Agent NBU / Agent.BI und WinShow.NAL - kriegs nicht gelöscht :(
    Log-Analyse und Auswertung - 20.03.2005 (1)

Zum Thema TR/ Agent.Gen - Guten Morgen, nach einem plötzlichen verschwinden aller Programmsymbole auf dem Desktop welche dann einfach als weiße Seiten wieder aufgetaucht sind, waren alle Verknüpfungen verschwunden. Alle Programme lassen sich wenn überhaupt - TR/ Agent.Gen...
Archiv
Du betrachtest: TR/ Agent.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.