GVU-Trojaner - Ordner gesperrt

Markus1970 · 22.07.2012, 13:03

nun hat mich auch der GVU (BKA)-Trojaner erwischt (trotz F-Prot). Kann soweit wieder auf mein Benutzerkonto zugreifen, nur MS-Office 1010 funktioniert nicht mehr). Hatte mir mit SARDU zuvor eine Rescue-DVD mit diversen Antiviren-Programmen und einer Linux-Oberkläche erstellt.

Das Problem ist nun, dass ich nicht mehr auf meine Ordner (Anwendungsdaten, usw.) zugreifen kann. Obwohl ich einiges an Erfahrungen im PC-Bereich habe, komme ich hier nicht weiter.

Die Files von OTL habe ich hier angehangen:

:OTL (da ich diese nicht als Datei anhängen kann)
L logfile created on: 22.07.2012 13:08:39 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Markus\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,53% Memory free
3,98 Gb Paging File | 2,39 Gb Available in Paging File | 60,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,24 Gb Total Space | 58,41 Gb Free Space | 41,36% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 2,30 Gb Free Space | 29,40% Space Free | Partition Type: NTFS
Drive E: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Markus\AppData\Local\Apps\2.0\RWQKLJ5C.Q6C\QG5GX0WA.N22\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - D:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\FSGK32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Unitymedia\Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Program Files\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Users\Markus\AppData\Local\Apps\2.0\RWQKLJ5C.Q6C\QG5GX0WA.N22\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae55e761d480fe15781156d1311a1837\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\easycnp.dll ()
MOD - C:\Program Files\Unitymedia\Sicherheitspaket\FSPC\fspcfsm.eng ()
MOD - \\?\c:\program files\unitymedia\sicherheitspaket\hips\fshook32.dll ()
MOD - C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\strres.eng ()
MOD - C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\gres.dll ()
MOD - C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\flyerres.eng ()
MOD - C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\fsavures.eng ()
MOD - C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\about.dll ()
MOD - C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\aboutres.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()

========== Win32 Services (SafeList) ==========

SRV - (Microsoft SharePoint Workspace Audit Service) -- J:\MSOffice\Office14\GROOVE.EXE /auditservice File not found
SRV - (F-Secure BlackLight Sensor) -- C:\Windows\Temp\F-Secure\Anti-Virus\fsblsrv.exe (F-Secure Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (StarMoney 8.0 OnlineUpdate) -- D:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (FSDFWD) -- C:\Program Files\Unitymedia\Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (FSORSPClient) -- C:\Program Files\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (FSMA) -- C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)

========== Driver Services (SafeList) ==========

DRV - (fsbl) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsbldrv.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (F-Secure Gatekeeper) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys ()
DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (easycvfs) -- C:\Windows\System32\drivers\easycvfs.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files\Unitymedia\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys ()
DRV - (fsvista) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys ()
DRV - (NetworkX) -- C:\Windows\System32\Ckldrv.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=941d92dd-32fb-453a-8712-0a757e3061da&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=77b44775-de38-45a7-9b20-a1bd1b7c22a2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=77b44775-de38-45a7-9b20-a1bd1b7c22a2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www3.u7.eu/start.php?sid=48aqdh6frodtcssavg4bi3jea6
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 86 4A 18 CB C7 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=77b44775-de38-45a7-9b20-a1bd1b7c22a2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=77b44775-de38-45a7-9b20-a1bd1b7c22a2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=77b44775-de38-45a7-9b20-a1bd1b7c22a2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=8c01a0fd00000000000000248c0326ec
IE - HKCU\..\SearchScopes\{184FA9AD-06FF-405D-940C-07010A0AC7B8}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE418
IE - HKCU\..\SearchScopes\{2EF9A7EB-27C6-4B32-96B5-27B42DDEE5C1}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={B36D8648-AD55-4293-93A6-D39C9AD58D19}&mid=a2934f36979647d0abebd16dcae7cf1f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=st011&pr=sa&d=2012-05-19 10:23:13&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: J:\MSOffice\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: J:\MSOffice\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Unitymedia\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.07.13 08:09:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 13:30:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 18:28:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 18:28:13 | 000,000,000 | ---D | M]

[2012.05.17 12:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions
[2012.07.19 08:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\12vder6v.default\extensions
[2012.07.17 05:52:20 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\12vder6v.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.05.17 12:14:33 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\12vder6v.default\extensions\ffxtlbr@babylon.com
[2012.06.28 20:56:37 | 000,000,853 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\12vder6v.default\searchplugins\11-suche.xml
[2012.04.18 01:39:04 | 000,000,931 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\12vder6v.default\searchplugins\conduit.xml
[2012.06.28 20:56:38 | 000,002,209 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\12vder6v.default\searchplugins\englische-ergebnisse.xml
[2012.06.28 20:56:37 | 000,010,506 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\12vder6v.default\searchplugins\gmx-suche.xml
[2012.06.28 20:56:37 | 000,002,368 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\12vder6v.default\searchplugins\lastminute.xml
[2012.07.17 18:29:37 | 000,015,682 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\12vder6v.default\searchplugins\Web Search.xml
[2012.06.28 20:56:37 | 000,005,489 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\12vder6v.default\searchplugins\webde-suche.xml
[2012.06.20 17:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.07.09 13:30:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012.06.28 20:56:31 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\MARKUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\12VDER6V.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.07.18 18:28:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 13:29:25 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.21 16:13:24 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.06.22 17:21:48 | 000,001,328 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.comO1
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - J:\MSOffice\Office14\GROOVEEX.DLL File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - J:\MSOffice\Office14\URLREDIR.DLL File not found
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [BCSSync] "J:\MSOffice\Office14\BCSSync.exe" /DelayServices File not found
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Markus\AppData\Local\Apps\2.0\RWQKLJ5C.Q6C\QG5GX0WA.N22\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [DriveOnWeb easyStorage Client] C:\Program Files\DriveOnWeb EasyStorage Client\easyClient.exe ()
O4 - HKCU..\Run: [SkyDrive] C:\Users\Markus\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9 - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files\ELOoffice\EloArcConnect.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\MSOffice\Office14\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\MSOffice\Office14\ONBttnIE.dll File not found
O9 - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files\ELOoffice\EloInternetExplorer.htm ()
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - J:\MSOffice\Office14\ONBttnIELinkedNotes.dll File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - J:\MSOffice\Office14\ONBttnIELinkedNotes.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D23FE219-22E2-4E85-97AD-C199630A2AB0}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - J:\MSOffice\Office14\GROOVEEX.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{80760ffb-33bc-11e0-8679-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{80760ffb-33bc-11e0-8679-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.22 12:58:18 | 000,000,000 | ---D | C] -- C:\Log
[2012.07.22 12:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery-Home
[2012.07.22 12:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery - Home
[2012.07.22 12:10:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.22 12:02:56 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2012.07.22 12:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 12:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.22 12:02:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.22 12:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.22 11:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fresh
[2012.07.22 11:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\PC Fresh
[2012.07.21 16:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\KeyFinder
[2012.07.21 16:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.07.21 15:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
[2012.07.20 19:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader 2
[2012.07.19 20:37:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.07.19 20:35:37 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.07.19 20:35:36 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012.07.19 20:35:35 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.07.19 20:35:35 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.07.19 20:35:35 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.07.19 20:35:35 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.07.19 20:35:31 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2012.07.19 20:35:31 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2012.07.19 20:35:30 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2012.07.19 20:35:24 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012.07.19 20:35:24 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012.07.19 20:35:24 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012.07.19 20:35:24 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012.07.19 20:35:23 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.07.19 20:35:23 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.07.19 20:35:22 | 007,161,696 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012.07.19 20:35:22 | 000,351,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012.07.19 20:35:22 | 000,105,824 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012.07.19 20:35:22 | 000,091,488 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012.07.19 20:35:22 | 000,061,792 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012.07.19 20:35:20 | 001,185,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2012.07.19 20:35:20 | 000,350,552 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012.07.19 20:35:19 | 007,783,768 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012.07.19 20:35:18 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.07.19 20:35:17 | 000,709,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2012.07.19 20:35:17 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012.07.19 20:35:17 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.07.19 20:35:17 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.07.19 20:35:16 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2012.07.19 20:35:10 | 002,193,472 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.07.19 20:35:10 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012.07.19 20:35:10 | 000,421,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2012.07.19 20:35:10 | 000,398,192 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2012.07.19 20:35:10 | 000,335,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2012.07.19 20:35:09 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012.07.19 20:35:09 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012.07.19 20:35:09 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012.07.19 20:35:09 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012.07.19 20:35:08 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012.07.19 20:35:08 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012.07.19 20:35:08 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012.07.19 20:35:08 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012.07.19 20:35:08 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012.07.19 20:35:08 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012.07.19 20:35:08 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012.07.19 20:33:42 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012.07.19 20:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.07.19 20:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2012.07.19 20:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\AmIcoSingLun
[2012.07.19 18:42:02 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2012.07.19 18:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.07.19 18:41:13 | 000,000,000 | ---D | C] -- C:\Intel
[2012.07.19 18:39:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2012.07.19 18:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012.07.19 18:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012.07.17 17:44:06 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\OpenCandy
[2012.07.17 09:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2012.07.10 00:06:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Voxmobili
[2012.07.10 00:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\T-Mobile
[2012.07.10 00:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Sync
[2012.07.08 17:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACCU-CHEK 360°
[2012.07.08 17:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Roche Diagnostics
[2012.07.08 17:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2012.07.08 17:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
[2012.07.08 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.07.02 20:32:24 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2012.07.02 20:32:23 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2012.07.02 20:32:23 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2012.07.02 17:28:05 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Brother
[2012.07.02 16:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012.07.02 16:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012.07.02 16:34:55 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2012.07.02 16:34:55 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2012.07.02 16:34:55 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2012.07.02 16:34:55 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2012.07.02 16:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2012.07.02 16:34:46 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2012.07.02 16:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012.07.02 16:32:50 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\InstallShield
[2012.06.30 21:34:26 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\ZinioTabletReader
[2012.06.23 17:48:54 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012.06.23 15:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.06.23 15:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012.06.23 14:51:56 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.06.23 14:51:56 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.06.23 14:43:39 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.06.23 14:43:25 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2012.06.23 14:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2012.06.23 09:11:10 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\{1520828E-60A8-4C40-BED4-C0B90E8EFA22}
[2012.06.23 09:10:46 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\{8251AA18-8A92-473B-9440-BE15FBF3FAD8}
[2012.06.22 21:41:30 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Adobe
[2012.06.22 17:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.06.22 17:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.06.22 17:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Photoshop CS5
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.22 13:34:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.22 13:05:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 12:58:41 | 000,000,070 | ---- | M] () -- C:\Windows\spwdrhag.INI
[2012.07.22 12:57:55 | 000,001,231 | ---- | M] () -- C:\Users\Markus\Desktop\Stellar Phoenix Windows Data Recovery-Home.lnk
[2012.07.22 12:57:06 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.22 12:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 12:25:38 | 000,036,934 | ---- | M] () -- C:\Users\Markus\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.07.22 12:22:56 | 000,632,049 | ---- | M] () -- C:\Users\Markus\Desktop\adwcleaner.exe
[2012.07.22 12:10:28 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.22 12:02:20 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 11:28:20 | 000,758,144 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.22 11:28:20 | 000,712,250 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.22 11:28:20 | 000,171,550 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.22 11:28:20 | 000,144,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.22 11:14:04 | 000,023,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 11:14:04 | 000,023,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 11:05:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 11:05:22 | 000,173,536 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2012.07.22 08:47:36 | 003,794,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.21 16:13:54 | 000,000,484 | ---- | M] () -- C:\user.js
[2012.07.20 19:05:30 | 000,001,897 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.19 18:34:59 | 000,000,903 | ---- | M] () -- C:\Users\Markus\Desktop\Driver Genius Professional Edition.lnk
[2012.07.19 10:11:16 | 000,755,479 | ---- | M] () -- C:\Users\Markus\Documents\Zahlungsmitteilung UM.PDF
[2012.07.18 17:22:52 | 031,360,857 | ---- | M] () -- C:\Users\Markus\15musterfolien.zip
[2012.07.17 18:27:52 | 000,000,079 | ---- | M] () -- C:\Users\Markus\AppData\Local\CrystalDiskMark30.ini
[2012.07.17 17:28:03 | 000,000,017 | ---- | M] () -- C:\Users\Markus\AppData\Local\resmon.resmoncfg
[2012.07.17 16:55:09 | 000,222,709 | ---- | M] () -- C:\Users\Markus\Documents\bestellschein_aponeo.pdf
[2012.07.10 00:05:51 | 000,001,776 | ---- | M] () -- C:\Users\Public\Desktop\Data Sync.lnk
[2012.07.09 11:26:47 | 000,102,064 | ---- | M] () -- C:\Users\Markus\Documents\Zahlungsmitteilung Krankengeld ab 30.05.2012.PDF
[2012.07.08 17:51:47 | 000,002,449 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ACCU-CHEK® 360° – Automatische Erkennung.lnk
[2012.07.08 17:51:47 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\ACCU-CHEK® 360° – System zur Diabetesverwaltung.lnk
[2012.07.05 13:37:09 | 000,000,838 | ---- | M] () -- C:\Windows\wiso.ini
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.02 20:32:14 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2012.07.02 20:32:13 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2012.07.02 16:36:01 | 000,000,050 | ---- | M] () -- C:\Windows\System32\BRIDF10A.DAT
[2012.07.02 16:34:49 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.06.30 21:34:30 | 000,003,015 | ---- | M] () -- C:\Users\Markus\Desktop\Zinio Tablet Reader Beta.lnk
[2012.06.29 09:42:00 | 000,045,457 | ---- | M] () -- C:\Users\Markus\Documents\AU-Bescheinigung v. 28.06.2012 - 13.07.2012.PDF
[2012.06.25 11:29:26 | 012,446,239 | ---- | M] () -- C:\Users\Markus\Documents\HP_LaserJet_P2015_Series_Parts,_Service_Manual.pdf
[2012.06.23 15:03:17 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2012.06.23 14:43:27 | 000,002,149 | ---- | M] () -- C:\Users\Markus\Desktop\TuneUp Utilities 2011.lnk
[2012.06.23 10:16:10 | 005,191,941 | ---- | M] () -- C:\Users\Markus\Documents\Leertischler.pdf
[2012.06.22 22:09:19 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1.lnk
[2012.06.22 17:44:48 | 000,001,255 | ---- | M] () -- C:\Users\Markus\Desktop\Adobe Photoshop CS5.1.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.22 12:57:55 | 000,001,231 | ---- | C] () -- C:\Users\Markus\Desktop\Stellar Phoenix Windows Data Recovery-Home.lnk
[2012.07.22 12:57:54 | 000,000,070 | ---- | C] () -- C:\Windows\spwdrhag.INI
[2012.07.22 12:57:05 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.22 12:25:29 | 000,036,934 | ---- | C] () -- C:\Users\Markus\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.07.22 12:20:52 | 000,632,049 | ---- | C] () -- C:\Users\Markus\Desktop\adwcleaner.exe
[2012.07.22 12:02:20 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 19:07:43 | 000,001,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.07.20 19:07:43 | 000,001,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.07.20 19:07:43 | 000,001,937 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2012.07.20 19:05:30 | 000,001,897 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.19 20:35:23 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.07.19 18:34:59 | 000,000,903 | ---- | C] () -- C:\Users\Markus\Desktop\Driver Genius Professional Edition.lnk
[2012.07.19 10:11:16 | 000,755,479 | ---- | C] () -- C:\Users\Markus\Documents\Zahlungsmitteilung UM.PDF
[2012.07.18 17:22:50 | 031,360,857 | ---- | C] () -- C:\Users\Markus\15musterfolien.zip
[2012.07.17 17:44:37 | 000,000,079 | ---- | C] () -- C:\Users\Markus\AppData\Local\CrystalDiskMark30.ini
[2012.07.17 17:28:03 | 000,000,017 | ---- | C] () -- C:\Users\Markus\AppData\Local\resmon.resmoncfg
[2012.07.17 16:55:09 | 000,222,709 | ---- | C] () -- C:\Users\Markus\Documents\bestellschein_aponeo.pdf
[2012.07.10 00:05:51 | 000,001,776 | ---- | C] () -- C:\Users\Public\Desktop\Data Sync.lnk
[2012.07.09 11:26:47 | 000,102,064 | ---- | C] () -- C:\Users\Markus\Documents\Zahlungsmitteilung Krankengeld ab 30.05.2012.PDF
[2012.07.08 17:51:47 | 000,002,449 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ACCU-CHEK® 360° – Automatische Erkennung.lnk
[2012.07.08 17:51:47 | 000,002,345 | ---- | C] () -- C:\Users\Public\Desktop\ACCU-CHEK® 360° – System zur Diabetesverwaltung.lnk
[2012.07.02 16:36:01 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2012.07.02 16:34:49 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.06.30 21:34:30 | 000,003,015 | ---- | C] () -- C:\Users\Markus\Desktop\Zinio Tablet Reader Beta.lnk
[2012.06.30 21:34:30 | 000,002,975 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zinio Tablet Reader Beta.lnk
[2012.06.29 09:42:00 | 000,045,457 | ---- | C] () -- C:\Users\Markus\Documents\AU-Bescheinigung v. 28.06.2012 - 13.07.2012.PDF
[2012.06.25 11:29:18 | 012,446,239 | ---- | C] () -- C:\Users\Markus\Documents\HP_LaserJet_P2015_Series_Parts,_Service_Manual.pdf
[2012.06.23 15:03:17 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012.06.23 14:43:27 | 000,002,149 | ---- | C] () -- C:\Users\Markus\Desktop\TuneUp Utilities 2011.lnk
[2012.06.23 14:43:25 | 000,002,179 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2012.06.23 10:16:09 | 005,191,941 | ---- | C] () -- C:\Users\Markus\Documents\Leertischler.pdf
[2012.06.22 22:09:19 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1.lnk
[2012.06.22 22:09:19 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1.lnk
[2012.06.22 17:44:48 | 000,001,255 | ---- | C] () -- C:\Users\Markus\Desktop\Adobe Photoshop CS5.1.lnk
[2012.06.22 17:41:00 | 000,001,217 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012.06.22 17:39:29 | 000,001,310 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012.06.22 17:37:05 | 000,001,411 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012.06.22 17:36:35 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012.06.22 17:34:33 | 000,000,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.05.17 16:37:55 | 000,044,184 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2011.02.14 21:48:04 | 000,000,008 | RHS- | C] () -- C:\ProgramData\A8E5F78D82.sys
[2011.02.14 21:33:32 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3569A6630C.sys
[2011.02.14 21:33:30 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.02.13 13:28:56 | 000,000,838 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.11 14:22:59 | 000,000,301 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.11 14:12:57 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.02.11 14:12:36 | 000,350,208 | ---- | C] () -- C:\Windows\System32\EloOpenOffice.dll
[2011.02.11 14:12:36 | 000,163,160 | ---- | C] () -- C:\Windows\System32\ELOComRes.dll
[2011.02.11 14:12:28 | 000,005,632 | ---- | C] () -- C:\Windows\System32\fteh006n.dll
[2011.02.11 14:09:18 | 000,000,000 | ---- | C] () -- C:\Windows\FULINST.INI
[2011.02.09 20:20:30 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\{90035EFA-375F-40d5-A092-1B85C86F6C88}.ini
[2011.02.09 20:20:17 | 000,471,109 | ---- | C] () -- C:\Windows\System32\DOWCommon.dll
[2011.02.09 20:20:17 | 000,094,088 | ---- | C] () -- C:\Windows\System32\drivers\easycvfs.sys
[2011.02.09 20:20:16 | 000,077,897 | ---- | C] () -- C:\Windows\System32\easycnp.dll
[2011.02.09 20:20:15 | 000,184,320 | ---- | C] () -- C:\Windows\System32\bigint.dll
[2011.02.09 13:18:15 | 000,016,896 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.08 22:21:09 | 000,000,069 | ---- | C] () -- C:\Windows\spwdr.INI
[2011.02.08 22:20:00 | 000,000,057 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011.02.08 22:19:56 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011.02.08 22:19:56 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011.02.08 22:19:56 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011.02.08 22:19:56 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe

========== LOP Check ==========

[2012.06.09 18:38:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Abelssoft
[2011.02.09 13:17:27 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ACD Systems
[2011.02.15 17:16:04 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Ashampoo
[2012.05.29 12:52:22 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Avery
[2011.02.15 15:34:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Azureus
[2012.05.17 12:07:31 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Babylon
[2012.06.11 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Buhl Data Service
[2012.05.17 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Canon
[2012.06.23 17:48:54 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011.02.10 18:52:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\GetRightToGo
[2011.02.14 16:30:58 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\GHISLER
[2012.07.17 17:44:20 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenCandy
[2012.05.19 12:44:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PowerISO
[2012.07.05 11:10:30 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Spotify
[2011.02.14 17:48:46 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TuneUp Software
[2012.07.10 00:06:39 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Voxmobili
[2012.05.17 13:16:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Windows Live Writer
[2012.07.18 09:12:56 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C5760A8B

< End of report >

Ich hoffe es kann mir Jemand helfen...

Gruß aus dem Wittgensteiner Ländle
Markus

t'john · 22.07.2012, 23:44

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () 
PRC - C:\Program Files\AVG Secure Search\vprot.exe () 
MOD - C:\Users\Markus\AppData\Local\Apps\2.0\RWQKLJ5C.Q6C\QG5GX0WA.N22\frit..tion_8488884cfbcefd60_0002.00 02_8541bf1f4a1c673d\managedupnp.DLL () 
SRV - (Microsoft SharePoint Workspace Audit Service) -- J:\MSOffice\Office14\GROOVE.EXE /auditservice File not found 
SRV - (F-Secure BlackLight Sensor) -- C:\Windows\Temp\F-Secure\Anti-Virus\fsblsrv.exe (F-Secure Corporation) 
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () 
DRV - (fsbl) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsbldrv.sys File not found 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} 
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=941d92dd-32fb-453a-8712-0a757e3061da&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=77b44775-de38-45a7-9b20-a1bd1b7c22a2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} 
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} 
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=77b44775-de38-45a7-9b20-a1bd1b7c22a2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=8c01a0fd00000000000000248c0326ec 
IE - HKCU\..\SearchScopes\{184FA9AD-06FF-405D-940C-07010A0AC7B8}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE418 
IE - HKCU\..\SearchScopes\{2EF9A7EB-27C6-4B32-96B5-27B42DDEE5C1}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B36D8648-AD55-4293-93A6-D39C9AD58D19}&mid=a2934f36979647d0abebd16dcae7cf1f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=st011&pr=sa&d=2012-05-19 10:23:13&v=11.1.0.7&sap=dsp&q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" 
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" 
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot" 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" 
FF - prefs.js..network.proxy.type: 0 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: J:\MSOffice\Office14\NPAUTHZ.DLL File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: J:\MSOffice\Office14\NPSPWRAP.DLL File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 13:30:18 | 000,000,000 | ---D | M] 
[2012.07.09 13:30:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12 
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) 
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - J:\MSOffice\Office14\GROOVEEX.DLL File not found 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - J:\MSOffice\Office14\URLREDIR.DLL File not found 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found. 
O4 - HKLM..\Run: [BCSSync] "J:\MSOffice\Office14\BCSSync.exe" /DelayServices File not found 
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Markus\AppData\Local\Apps\2.0\RWQKLJ5C.Q6C\QG5GX0WA.N22\frit..tion_8488884cfbcefd60_0002.00 02_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) 
O4 - HKCU..\Run: [DriveOnWeb easyStorage Client] C:\Program Files\DriveOnWeb EasyStorage Client\easyClient.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found 
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\MSOffice\Office14\ONBttnIE.dll File not found 
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\MSOffice\Office14\ONBttnIE.dll File not found 
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - J:\MSOffice\Office14\ONBttnIELinkedNotes.dll File not found 
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - J:\MSOffice\Office14\ONBttnIELinkedNotes.dll File not found 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - J:\MSOffice\Office14\GROOVEEX.DLL File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{80760ffb-33bc-11e0-8679-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{80760ffb-33bc-11e0-8679-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe 
 
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:7631EA83 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C5760A8B 
[2012.05.17 12:14:33 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\12vder6v.default\extensions\ffxtlbr@babylon .com 
[2012.07.09 13:30:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12 
[2012.07.21 16:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar 

[2012.07.22 11:14:04 | 000,023,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.07.22 11:14:04 | 000,023,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 

 
[2012.06.23 14:43:39 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe 

[2012.07.22 13:34:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.22 13:05:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.22 12:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.20 19:05:30 | 000,001,897 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.05.17 12:07:31 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Babylon 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Markus1970 · 23.07.2012, 17:07

Hallo t´john,

habe das zur Verfügung (Danke) gestellte Skript in OTL eingefügt und bin dann auf fix gegangen. Hat soweit alles geklappt. Nur kann ich - wie zuvor auch - nicht auf einige Ordner (wie z.B. Anwendungsdaten) nicht zugreifen! Es kommt die Meldung "Zugriff verweigert!". AV-Programme und Malwarebytes Anti-Malware" zeigen an, dass der rechner sauber ist.

Hier nun das LOG-File von OTL

Code:

ATTFilter

All processes killed
========== OTL ==========
No active process named ToolbarUpdater.exe was found!
No active process named vprot.exe was found!
Error: No service named Microsoft SharePoint Workspace Audit Service was found to stop!
Service\Driver key Microsoft SharePoint Workspace Audit Service not found.
File  J:\MSOffice\Office14\GROOVE.EXE /auditservice File not found not found.
Error: No service named F-Secure BlackLight Sensor was found to stop!
Service\Driver key F-Secure BlackLight Sensor not found.
File  C:\Windows\Temp\F-Secure\Anti-Virus\fsblsrv.exe  not found.
Error: No service named vToolbarUpdater11.2.0 was found to stop!
Service\Driver key vToolbarUpdater11.2.0 not found.
File  C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe  not found.
Error: No service named fsbl was found to stop!
Service\Driver key fsbl not found.
File  C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsbldrv.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{184FA9AD-06FF-405D-940C-07010A0AC7B8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184FA9AD-06FF-405D-940C-07010A0AC7B8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2EF9A7EB-27C6-4B32-96B5-27B42DDEE5C1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EF9A7EB-27C6-4B32-96B5-27B42DDEE5C1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "uTorrentBar_DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.babylon.com/?babsrc=HP_Prot" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ not found.
Folder C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVMUSBFernanschluss deleted successfully.
File C:\Users\Markus\AppData\Local\Apps\2.0\RWQKLJ5C.Q6C\QG5GX0WA.N22\frit..tion_8488884cfbcefd60_0002.00 02_8541bf1f4a1c673d\AVMAutoStart.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DriveOnWeb easyStorage Client not found.
File C:\Program Files\DriveOnWeb EasyStorage Client\easyClient.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80760ffb-33bc-11e0-8679-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80760ffb-33bc-11e0-8679-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80760ffb-33bc-11e0-8679-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80760ffb-33bc-11e0-8679-806e6f6e6963}\ not found.
File E:\Start.exe not found.
Unable to delete ADS C:\ProgramData\TEMP:7631EA83 .
Unable to delete ADS C:\ProgramData\TEMP:C5760A8B .
Folder C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\12vder6v.default\extensions\ffxtlbr@babylon .com\ not found.
Folder C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\ not found.
Folder C:\Program Files\BabylonToolbar\ not found.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
File C:\Windows\System32\TURegOpt.exe not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
File C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
Folder C:\Users\Markus\AppData\Roaming\Babylon\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Markus\Desktop\cmd.bat deleted successfully.
C:\Users\Markus\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Markus
->Temp folder emptied: 146769 bytes
->Temporary Internet Files folder emptied: 11051998 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39722797 bytes
->Flash cache emptied: 652 bytes
 
User: Public
 
User: Tina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12991793 bytes
RecycleBin emptied: 350193792 bytes
 
Total Files Cleaned = 395,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Markus
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tina
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07232012_170745

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john · 23.07.2012, 17:16

Sehr gut!

Auf welchen Pfad hast du keinen zugriff?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

t'john · 07.08.2012, 15:43

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

GVU-Trojaner - Ordner gesperrt

Log-Analyse und Auswertung: GVU-Trojaner - Ordner gesperrt