
Pests of all kinds and how to fight them: Bundespolizei Trojan (computer lock) - CH version


23.07.2012, 16:23   #1
Chemicus
 

Bundespolizei Trojan (computer lock) - CH version



Hello everyone,

I have caught the Bundespolizei Trojan, which is described at
http://www.trojaner-board.de/116052-...-gesperrt.html, with the only difference that it is the Swiss version of it (Swiss coat of arms at the top left, "Schweizerische Eidgenossenschaft ... etc." on the right instead of Bundespolizei).

I can only start my computer in Safe Mode; otherwise
the lock mentioned above appears right after login.

I ran defogger in Safe Mode.
Then I ran OTL.exe; here are the two requested files:
Quote:
Quote from OTL.txt
OTL logfile created on: 23.07.2012 16:58:04 - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\*******\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19272)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy



4.00 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 84.40% Memory free

8.17 Gb Paging File | 7.68 Gb Available in Paging File | 94.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 39.83 Gb Free Space | 8.55% Space Free | Partition Type: NTFS

Drive D: | 309.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.81 Gb Total Space | 0.68 Gb Free Space | 17.77% Space Free | Partition Type: FAT32



Computer Name: ******RITLE-PC | User Name: ****** ****** | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2012.07.23 16:31:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\****** ******\Desktop\OTL.exe





========== Modules (No Company Name) ==========





========== Win32 Services (SafeList) ==========



SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012.06.27 12:42:45 | 000,935,008 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)

SRV - [2012.06.26 12:42:38 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012.06.23 12:20:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.06.21 18:10:31 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)





========== Driver Services (SafeList) ==========



DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam C210(UVC)

DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)

DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2011.10.03 16:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2009.08.15 19:53:27 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)

DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008.12.17 19:56:31 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2008.01.21 04:46:34 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008.01.16 11:18:12 | 000,610,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dr71WU.sys -- (RT73)

DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)

DRV - [2001.08.25 16:44:45 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={D963E111-368E-464A-90D7-7B6E83E96EE5}&mid=c682c30038f847d696ccd14d0df3847a-d7f8af831fe1dff2f7425f611acab2fca486ba11&lang=de&ds=AVG&pr=fr&d=2012-06-27 12:42:46&v=11.1.0.12&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========



FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"

FF - user.js - File not found



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.07.21 16:49:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.06.27 12:42:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.03 18:20:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.04 12:32:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 12:20:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 12:47:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 12:20:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 12:47:55 | 000,000,000 | ---D | M]



[2010.06.09 14:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****** ******\AppData\Roaming\mozilla\Extensions

[2010.06.09 14:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****** ******\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2012.05.02 20:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****** ******\AppData\Roaming\mozilla\Firefox\Profiles\v1ov691r.default\extensions

[2012.05.03 20:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.07.04 12:32:02 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK

[2012.06.27 12:42:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12

[2012.06.23 12:20:09 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.04.04 20:15:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.06.23 12:20:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.27 12:42:44 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012.06.23 12:20:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.23 12:20:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.23 12:20:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.23 12:20:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.23 12:20:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml



O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [pdopxokrwllrelh] C:\ProgramData\pdopxokr.exe ()

O4 - Startup: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****** ******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\****** ******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****** ******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\****** ******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****** ******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found

O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O12 - Plugin for: .cdx - C:\Program Files (x86)\Internet Explorer\PLUGINS\Npcdp32.dll (CambridgeSoft.Com)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35ABC5A3-1723-44D4-A756-F301E3E24541}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A81ACED-8BDD-44C7-B482-A4D0FB774C3F}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8610D1D7-C4E1-49C0-A4FB-631EAF5277C6}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB2BC55D-2234-4F3E-B91E-A028A6EABA0E}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002.08.13 13:07:30 | 000,000,126 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\Shell - "" = AutoRun

O33 - MountPoints2\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{37a158a2-dcea-11de-8707-00044b176d89}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe

O33 - MountPoints2\{37a158a2-dcea-11de-8707-00044b176d89}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell - "" = AutoRun

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\applet\command - "" = E:\autorun\autorun.exe /s

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\directx\command - "" = E:\dxsetup\dxinst.exe -iadv.ini

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\ereg\command - "" = E:\ereg\ereg32.exe

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\install\command - "" = E:\setup.exe

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\readfile\command - "" = Notepad Readme.txt

O33 - MountPoints2\{7a0c5601-ba40-11dd-bd3b-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{7a0c5601-ba40-11dd-bd3b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2002.09.25 04:45:06 | 000,536,673 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{7a0c5601-ba40-11dd-bd3b-806e6f6e6963}\Shell\setup\command - "" = D:\SETUP.EXE -- [2002.09.25 04:45:06 | 000,536,673 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{85daf5c9-a05c-11de-a1f3-00044b176d89}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\SanDisk-Games.exe

O33 - MountPoints2\{badba9eb-b0f4-11de-adee-00044b176d89}\Shell\AutoRun\command - "" = E:\

O33 - MountPoints2\{badba9eb-b0f4-11de-adee-00044b176d89}\Shell\open\Command - "" = rundll32.exe .\\craxdrj.dll,InstallM

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)



========== Files/Folders - Created Within 30 Days ==========



[2012.07.23 16:55:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\****** ******\Desktop\OTL.exe

[2012.07.22 17:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\oqixfbsvwgaqphc

[2012.07.21 16:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012.06.26 19:23:28 | 000,000,000 | ---D | C] -- C:\Users\****** ******\Documents\Sniper - Ghost Warrior

[2012.06.26 13:08:16 | 000,000,000 | ---D | C] -- C:\Users\****** ******\Documents\Activision



========== Files - Modified Within 30 Days ==========



[2012.07.23 16:50:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.23 16:48:14 | 000,000,020 | ---- | M] () -- C:\Users\****** ******\defogger_reenable

[2012.07.23 16:43:44 | 001,418,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.23 16:43:44 | 000,617,456 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.23 16:43:44 | 000,586,568 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.23 16:43:44 | 000,122,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.23 16:43:44 | 000,100,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.23 16:36:32 | 000,049,462 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.07.23 16:36:25 | 000,004,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.23 16:36:24 | 000,004,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.23 16:31:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\****** ******\Desktop\OTL.exe

[2012.07.23 16:29:02 | 000,050,477 | ---- | M] () -- C:\Users\****** ******\Desktop\Defogger.exe

[2012.07.22 20:55:21 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1BDA6233-D7C4-46FA-AFB5-4F274FD54CC2}.job

[2012.07.22 20:54:27 | 000,049,462 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.07.22 17:20:00 | 000,001,356 | ---- | M] () -- C:\Users\****** ******\AppData\Local\d3d9caps.dat

[2012.07.22 17:03:52 | 000,000,051 | ---- | M] () -- C:\ProgramData\rieouguaoxjrkik

[2012.07.22 17:03:49 | 000,053,248 | ---- | M] () -- C:\ProgramData\pdopxokr.exe

[2012.07.22 17:03:49 | 000,053,248 | ---- | M] () -- C:\Users\****** ******\0.2660351577085618.exe

[2012.07.22 12:49:52 | 101,926,143 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012.07.21 17:59:31 | 000,372,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.07.21 16:49:45 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012.07.08 20:54:31 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012.07.08 20:54:31 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012.07.08 20:53:53 | 000,215,152 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012.07.08 17:50:12 | 000,000,943 | ---- | M] () -- C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2012.07.05 18:05:55 | 000,505,000 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012.06.27 12:42:32 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm

[2012.06.26 12:42:38 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe



========== Files Created - No Company Name ==========



[2012.07.23 16:48:14 | 000,000,020 | ---- | C] () -- C:\Users\****** ******\defogger_reenable

[2012.07.23 16:47:13 | 000,050,477 | ---- | C] () -- C:\Users\****** ******\Desktop\Defogger.exe

[2012.07.23 16:36:56 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000008.@

[2012.07.23 16:36:55 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000032.@

[2012.07.23 16:36:55 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000064.@

[2012.07.23 16:36:55 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000000.@

[2012.07.23 16:36:54 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000004.@

[2012.07.23 16:36:54 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\000000cb.@

[2012.07.22 17:03:52 | 000,053,248 | ---- | C] () -- C:\ProgramData\pdopxokr.exe

[2012.07.22 17:03:49 | 000,053,248 | ---- | C] () -- C:\Users\****** ******\0.2660351577085618.exe

[2012.07.22 17:03:49 | 000,000,051 | ---- | C] () -- C:\ProgramData\rieouguaoxjrkik

[2012.07.08 17:50:12 | 000,000,943 | ---- | C] () -- C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2012.07.05 20:01:37 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\L\00000004.@

[2012.04.11 23:05:29 | 011,454,800 | ---- | C] () -- C:\Users\****** ******\ts3_recording_12_04_11_23_5_28.wav

[2012.04.11 22:57:18 | 016,164,560 | ---- | C] () -- C:\Users\****** ******\ts3_recording_12_04_11_22_57_11.wav

[2012.04.02 21:33:13 | 000,000,178 | ---- | C] () -- C:\Windows\dievölkergold.ini

[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2012.01.11 12:22:03 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\@

[2012.01.11 12:22:03 | 000,002,048 | -HS- | C] () -- C:\Users\****** ******\AppData\Local\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\@

[2010.12.25 20:46:58 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2010.12.25 20:46:58 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2010.10.09 15:29:15 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2010.08.10 17:50:29 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010.03.14 23:01:01 | 000,017,408 | ---- | C] () -- C:\Users\****** ******\AppData\Local\WebpageIcons.db

[2010.02.04 19:28:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.05.11 18:23:12 | 000,049,462 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009.05.11 18:23:12 | 000,049,462 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009.01.23 21:28:44 | 000,001,356 | ---- | C] () -- C:\Users\****** ******\AppData\Local\d3d9caps.dat

[2008.12.05 19:41:11 | 000,191,488 | ---- | C] () -- C:\Users\****** ******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.11.24 18:06:13 | 000,000,732 | ---- | C] () -- C:\Users\****** ******\AppData\Local\d3d9caps64.dat



========== LOP Check ==========



[2009.03.04 17:40:47 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\.tswebeditor

[2012.06.08 13:14:40 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\AVG

[2012.06.08 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\AVG2012

[2011.09.07 16:23:45 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Canon

[2012.03.21 22:44:41 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\CCDC

[2008.12.17 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\DAEMON Tools

[2009.08.08 16:37:46 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\DAEMON Tools Lite

[2008.12.17 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\DAEMON Tools Pro

[2012.07.22 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Dropbox

[2011.07.24 16:03:01 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\DVDVideoSoft

[2011.03.04 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.05.13 20:47:37 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\FileZilla

[2012.05.10 15:22:27 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Leadertech

[2010.01.28 16:05:09 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\MPEG Streamclip

[2011.09.18 18:44:50 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Origin

[2009.11.04 18:47:50 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\SPORE

[2012.04.24 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\TS3Client

[2009.02.22 13:12:53 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\TuneUp Software

[2010.03.03 19:10:08 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Ubisoft

[2010.11.14 20:58:30 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Wuala

[2012.07.23 16:38:43 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.07.22 20:55:21 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1BDA6233-D7C4-46FA-AFB5-4F274FD54CC2}.job



========== Purity Check ==========







========== Alternate Data Streams ==========



@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4



< End of report >
Quote:
Quote from Extras
OTL Extras logfile created on: 23.07.2012 16:58:04 - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\****** ******\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19272)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy



4.00 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 84.40% Memory free

8.17 Gb Paging File | 7.68 Gb Available in Paging File | 94.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 39.83 Gb Free Space | 8.55% Space Free | Partition Type: NTFS

Drive D: | 309.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.81 Gb Total Space | 0.68 Gb Free Space | 17.77% Space Free | Partition Type: FAT32



Computer Name: *********-PC | User Name: ****** ****** | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Extra Registry (SafeList) ==========





========== File Associations ==========



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)



[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)



========== Shell Spawning ==========



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



========== Security Center Settings ==========



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

"VistaSp2" = 08 C4 AE F8 D0 D7 CA 01 [binary data]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1



========== Firewall Settings ==========



========== Authorized Applications List ==========





========== Vista Active Open Ports Exception List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]



========== Vista Active Application Exception List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]



========== HKEY_LOCAL_MACHINE Uninstall List ==========



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"AVG" = AVG 2012

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch

"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable

"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1

"{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{48B51112-BA23-42F9-AB81-7CC9F7A6E99A}" = tsWebEditor 20060920

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DDAF49F-500E-404F-9894-D5F005B8FA4E}" = SpinWorks_3

"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galaktische Abenteuer

"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{770103E9-E1C3-48C9-812B-2982C7070575}_is1" = Pazera Free MOV to AVI Converter 1.4

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B63B2922B174135AFC0E1377DD81EC2}" =

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme

"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{941F9BA8-06F6-42FD-AB91-CFB99B5E13BF}" = Fallout

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{BE16CD3F-FE02-42CD-8F0B-00FB1214AA89}" = ChemOffice Ultra 7.0

"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold

"{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)

"{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy

"{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F6BECFE0-74CE-11D5-B8A3-00B0D0D26B88}" = Sony Net MD Help

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Age of Empires" = Microsoft Age of Empires

"Age of Empires 2.0" = Microsoft Age of Empires II

"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion

"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion

"Age of Wonders Shadow Magic" = Age of Wonders Shadow Magic

"AoWSM_UPatch" = AoW...

"Biolab_is1" = Biolab ´07

"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Chemicus II_is1" = Chemicus II

"Chemicus_is1" = Chemicus

"conduitEngine" = Conduit Engine

"'Das Achte Weltwunder'" = 'Das Achte Weltwunder'

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup" = DivX-Setup

"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Fallout Tactics" = Fallout Tactics

"Fallout2" = Fallout2

"FileZilla Client" = FileZilla Client 3.5.1

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7

"Free YouTube Download_is1" = Free YouTube Download version 2.10.31

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722

"Guild Wars" = GUILD WARS

"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch

"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch

"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch

"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch

"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch

"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch

"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch

"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)

"InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"Mercury 3.0" = Mercury

"mIRC" = mIRC

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0

"Origin" = Origin

"Physicus II_is1" = Physicus II ´07

"Physikus_is1" = Physikus ´07

"PunkBusterSvc" = PunkBuster Services

"PyMOL" = PyMOL

"Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 22380" = Fallout: New Vegas

"Steam App 34830" = Sniper: Ghost Warrior

"Steam App 42680" = Call of Duty: Modern Warfare 3

"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer

"Steam App 42700" = Call of Duty: Black Ops

"Steam App 42710" = Call of Duty: Black Ops - Multiplayer

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"Steam App 6850" = Hitman 2: Silent Assassin

"Steam App 6860" = Hitman: Blood Money

"Steam App 6900" = Hitman: Codename 47

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 91310" = Dead Island

"SystemRequirementsLab" = System Requirements Lab

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Two Worlds" = Two Worlds

"Two Worlds II" = Two Worlds II

"Uninstall_is1" = Uninstall 1.0.0.1

"UnityWebPlayer" = Unity Web Player

"VLC media player" = VideoLAN VLC media player 0.8.6d

"WinRAR archiver" = WinRAR Archivierer

"Zoo Tycoon 1.0" = Zoo Tycoon-Erweiterungen



========== HKEY_CURRENT_USER Uninstall List ==========



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox



========== Last 20 Event Log Errors ==========



[ Application Events ]

Error - 05.02.2011 14:32:22 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 05.02.2011 14:58:16 | Computer Name = *********-PC | Source = Application Hang | ID = 1002

Description = Programm BlackOps.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows

zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

zu suchen. Prozess-ID: ce0 Anfangszeit: 01cbc5668a7e88b7 Zeitpunkt der Beendigung:

144



Error - 06.02.2011 07:30:46 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 06.02.2011 10:25:12 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 06.02.2011 12:41:25 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 06.02.2011 13:41:22 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 07.02.2011 06:59:32 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 07.02.2011 14:43:05 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 07.02.2011 16:48:48 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 08.02.2011 08:03:57 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



[ OSession Events ]

Error - 24.03.2010 17:17:25 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3209

seconds with 1860 seconds of active time. This session ended with a crash.



Error - 28.03.2010 12:14:07 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3777

seconds with 2580 seconds of active time. This session ended with a crash.



Error - 30.03.2010 15:26:13 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1681

seconds with 900 seconds of active time. This session ended with a crash.



Error - 11.09.2011 15:52:57 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2759

seconds with 1140 seconds of active time. This session ended with a crash.



Error - 07.12.2011 18:43:27 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6872

seconds with 4260 seconds of active time. This session ended with a crash.



Error - 15.01.2012 17:48:32 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12037

seconds with 2460 seconds of active time. This session ended with a crash.



Error - 15.01.2012 17:48:51 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9

seconds with 0 seconds of active time. This session ended with a crash.



Error - 15.01.2012 17:49:01 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0

seconds with 0 seconds of active time. This session ended with a crash.



Error - 15.01.2012 19:23:21 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5654

seconds with 2280 seconds of active time. This session ended with a crash.



[ System Events ]

Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7026

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:17 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:19 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



[ TuneUp Events ]

Error - 08.06.2009 06:48:10 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 08.06.2009 12:14:08 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 08.06.2009 12:14:33 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 08.06.2009 12:14:58 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 09.06.2009 06:44:17 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 10.06.2009 06:49:32 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 13.06.2009 13:06:47 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 13.06.2009 13:07:17 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 13.06.2009 13:07:42 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 01.07.2009 13:54:37 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =





< End of report >
It is a 64-bit system, so I did not run a GMER scan.

Before the lock-screen appeared, my antivirus program (AVG Free Edition) had already reported trojans (it was something with Patch_c. --> I no longer remember the extension, in a system file in WINDOWS).
Besides that, after the lock-screen I first ran an AVG scan in safe mode and secondly, out of panic about losing my data, copied a few pictures from the computer to an external hard drive (from safe mode). Was that a mistake? Or can the pictures also be infected? And should I simply delete them from the external hard drive, or can I keep them?

Many thanks in advance,

Kind regards,
Chemicus

Old 24.07.2012, 01:52   #2
t'john
/// Helper Team

Bundespolizei Trojaner (Computer-Sperrung) - CH Version





Fix with OTL

Download OTL from Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Replace the *** asterisks back with your username!
  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
ATTFilter
:OTL
SRV - [2012.06.27 12:42:45 | 000,935,008 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D963E111-368E-464A-90D7-7B6E83E96EE5}&mid=c682c30038f847d696ccd14d0df3847a-d7f8af831fe1dff2f7425f611acab2fca486ba11&lang=de&ds=AVG&pr=fr&d=2012-06-27 12:42:46&v=11.1.0.12&sap=dsp&q={searchTerms} 
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" 
FF - prefs.js..browser.startup.homepage: "http://www.google.ch/" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found 
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found 
O4 - HKCU..\Run: [pdopxokrwllrelh] C:\ProgramData\pdopxokr.exe () 
O4 - Startup: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****** ******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\Shell - "" = AutoRun 
O33 - MountPoints2\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true 
O33 - MountPoints2\{37a158a2-dcea-11de-8707-00044b176d89}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe 
O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell - "" = AutoRun 
O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\applet\command - "" = E:\autorun\autorun.exe /s 
O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe 
O33 - MountPoints2\{7a0c5601-ba40-11dd-bd3b-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{85daf5c9-a05c-11de-a1f3-00044b176d89}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\SanDisk-Games.exe 
O33 - MountPoints2\{badba9eb-b0f4-11de-adee-00044b176d89}\Shell\AutoRun\command - "" = E:\ 
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4 
[2012.07.23 16:36:25 | 000,004,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.07.23 16:36:24 | 000,004,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.07.23 16:36:56 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000008.@ 
[2012.07.23 16:36:55 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000032.@ 
[2012.07.23 16:36:55 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000064.@ 
[2012.07.23 16:36:55 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000000.@ 
[2012.07.23 16:36:54 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000004.@ 
[2012.07.23 16:36:54 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\000000cb.@ 
.dll 
[2010.08.10 17:50:29 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe 
:Files

C:\ProgramData\pdopxokr.exe
C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\SanDisk-Games.exe
C:\ProgramData\oqixfbsvwgaqphc
C:\ProgramData\nvModes.001
C:\Windows\tasks\User_Feed_Synchronization-{1BDA6233-D7C4-46FA-AFB5-4F274FD54CC2}.job
C:\ProgramData\nvModes.dat
C:\ProgramData\rieouguaoxjrkik
C:\Users\****** ******\0.2660351577085618.exe
C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000008.@
C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000032.@
C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000064.@
C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000000.@
C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000004.@
C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\000000cb.@
C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\L\00000004.@
C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\@
C:\Users\****** ******\AppData\Local\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\@
C:\Windows\Tasks\User_Feed_Synchronization-{1BDA6233-D7C4-46FA-AFB5-4F274FD54CC2}.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the logfile into code tags in your thread here.
    You can view the logfile afterwards at => C:\_OTL\MovedFiles\

Note for readers: The OTL script above was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!
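The O4 and O33 lines in the fix script above are OTL's rendering of the Run keys, the Startup folder and the per-drive MountPoints2 autorun handlers, and what makes some of them worth removing is where the target lives: an executable sitting directly in C:\ProgramData or in the root of a user profile, or anything under a drive's RECYCLER folder. The following Python triage script is an added example, not code from this thread, from OTL or from Trojaner-Board: it parses those two line types from a constructed sample (the lines are copied from the script above, usernames masked as in the thread) and flags the targets that fall into those locations. The regular expressions for the line formats and the "suspicious location" rules are my own assumptions about how OTL prints these entries; they are not part of OTL.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: autostart lines copied from the OTL fix script in this
# thread (usernames masked as in the thread). Benign and malicious entries are mixed
# so the classifier has both kinds to work on.
SAMPLE_OTL_LINES = r"""
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [pdopxokrwllrelh] C:\ProgramData\pdopxokr.exe ()
O4 - Startup: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****** ******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O33 - MountPoints2\{37a158a2-dcea-11de-8707-00044b176d89}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe
O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe
"""

# Assumed line formats (derived from the lines in this thread, not from OTL documentation).
# O4 Run entry: hive, value name in brackets, target, optional publisher in parentheses.
RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\.\.\\Run: \[([^\]]+)\] (.*?)(?: \(([^()]*)\))?$')
# O4 Startup-folder shortcut: .lnk path, "=", resolved target, optional publisher.
STARTUP_RE = re.compile(r'^O4 - Startup: (.*?\.lnk) = (.*?)(?: \(([^()]*)\))?$')
# O33 MountPoints2 handler: drive GUID, shell verb, command that runs on AutoRun.
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\(\w+)\\command - "" = (.*)$'
)

# Locations that a legitimate installer rarely uses for an autostart target.
SUSPICIOUS_TARGET = re.compile(
    r'(?i)'
    r'\\ProgramData\\[^\\]+\.exe'        # executable directly under ProgramData
    r'|\\Users\\[^\\]+\\[^\\]+\.exe'     # executable in the root of a user profile
    r'|(?:^|\\)RECYCLER\\'               # anything under a drive's RECYCLER folder
)


@dataclass
class Finding:
    kind: str                 # "Run", "Startup" or "MountPoints2"
    location: str             # hive, .lnk path or mount-point GUID
    name: str                 # value name, shortcut file name or shell verb
    target: str               # what actually gets executed
    company: Optional[str]    # publisher OTL printed; "" means OTL found none
    suspicious: bool


def is_suspicious(target: str) -> bool:
    """True when the target sits in one of the assumed drop locations."""
    return SUSPICIOUS_TARGET.search(target) is not None


def parse_otl_autostarts(text: str) -> List[Finding]:
    """Extract O4 Run, O4 Startup and O33 MountPoints2 entries from OTL text."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, target, company = m.groups()
            findings.append(Finding("Run", hive, name, target, company, is_suspicious(target)))
            continue
        m = STARTUP_RE.match(line)
        if m:
            lnk, target, company = m.groups()
            lnk_name = lnk.rsplit("\\", 1)[-1]
            findings.append(Finding("Startup", lnk, lnk_name, target, company, is_suspicious(target)))
            continue
        m = MOUNT_RE.match(line)
        if m:
            guid, verb, target = m.groups()
            findings.append(Finding("MountPoints2", guid, verb, target, None, is_suspicious(target)))
    return findings


def suspicious_targets(text: str) -> List[str]:
    """Just the executables an analyst should look at first, in log order."""
    return [f.target for f in parse_otl_autostarts(text) if f.suspicious]


if __name__ == "__main__":
    for f in parse_otl_autostarts(SAMPLE_OTL_LINES):
        flag = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"{flag:10} {f.kind:12} {f.name:20} -> {f.target}")
```

Run stand-alone, the script lists the five entries and marks the ProgramData executable behind the `pdopxokrwllrelh` Run value and the RECYCLER autorun handler; the DivX updater, the Dropbox shortcut and the E:\autorun\autorun.exe handler pass the location rules, which is why a location check is only a first filter and the publisher column and file timestamps still have to be read alongside it.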

Old 04.08.2012, 11:08   #3
Chemicus

Bundespolizei Trojaner (Computer-Sperrung) - CH Version



Hello t'john,

first of all: many thanks for your help.

I was on vacation and therefore could not respond, but I am back now and
have time around the clock to eradicate the trojan.

I copied the script you wrote, put my username back in place of the
****** ****** in Word and ran it. All of this
in safe mode (in safe mode I saw no indication anywhere that my
antivirus program AVG is active, or how I could disable it.
I assumed it is probably disabled in that mode?)

Here is the logfile after the OTL fix:
Code:
ATTFilter
All processes killed

Error: Unable to interpret <:OTL SRV - [2012.06.27 12:42:45 | 000,935,008 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)   IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}  IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}  IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)  IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}  IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}  IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050  IE - HKCU\..\URLSearchHook: {872b5b88-9db5> in the current context!

Error: Unable to interpret <-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)  IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}  IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC  IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={D963E111-368E-464A-90D7-7B6E83E96EE5}&mid=c682c30038f847d696ccd14d0df3847a-d7f8af831fe1dff2f7425f611acab2fca486ba11&lang=de&ds=AVG&pr=fr&d=2012-06-27 12:42:46&v=11.1.0.12&sap=dsp&q={searchTerms}  IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local  FF - prefs.js..browser.search.defaul> in the current context!

Error: Unable to interpret <tenginename: "AVG Secure Search"  FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"  FF - user.js - File not found  FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found  FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found  FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found  O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)  O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)  O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)  O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bd> in the current context!

Error: Unable to interpret <d0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)  O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)  O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)  O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()  O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found  O4 - HKCU..\Run: [pdopxokrwllrelh] C:\ProgramData\pdopxokr.exe ()  O4 - Startup: C:\Users\Andreas Ritler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas Ritler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)  O4 - Startup: C:\Users\Andreas Ritler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech > in the current context!

Error: Unable to interpret <. Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1  O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found  O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found  O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found  O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found  O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found  O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll F> in the current context!

Error: Unable to interpret <ile not found  O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found  O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found  O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found  O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found  O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found  O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found  O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found  O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found  O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found  O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found  O10 - Protocol_C> in the current context!

Error: Unable to interpret <atalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found  O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found  O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found  O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found  O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found  O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found  O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)  O32 - HKLM CDRom: AutoRun - 1  O33 - MountPoints2\{20b0b2fd-c73a-11e0-afc2-00044b176d8> in the current context!

Error: Unable to interpret <9}\Shell - "" = AutoRun  O33 - MountPoints2\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true  O33 - MountPoints2\{37a158a2-dcea-11de-8707-00044b176d89}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe  O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell - "" = AutoRun  O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\applet\command - "" = E:\autorun\autorun.exe /s  O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe  O33 - MountPoints2\{7a0c5601-ba40-11dd-bd3b-806e6f6e6963}\Shell - "" = AutoRun  O33 - MountPoints2\{85daf5c9-a05c-11de-a1f3-00044b176d89}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\SanDisk-Games.exe  O33 - MountPoints2\{badba9eb-b0f4-11de-adee-00044b176d89}\Shell\AutoRun\command - "" = E:\    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4  [20> in the current context!

Error: Unable to interpret <12.07.23 16:36:25 | 000,004,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0  [2012.07.23 16:36:24 | 000,004,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0  [2012.07.23 16:36:56 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000008.@  [2012.07.23 16:36:55 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000032.@  [2012.07.23 16:36:55 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000064.@  [2012.07.23 16:36:55 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000000.@  [2012.07.23 16:36:54 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000004.@  [2012.07.23 16:36:54 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-> in the current context!

Error: Unable to interpret <6769-12be-0e57-b3c2f865d0ba}\U\000000cb.@  .dll  [2010.08.10 17:50:29 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe  :Files  C:\ProgramData\pdopxokr.exe C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\SanDisk-Games.exe C:\ProgramData\oqixfbsvwgaqphc C:\ProgramData\nvModes.001 C:\Windows\tasks\User_Feed_Synchronization-{1BDA6233-D7C4-46FA-AFB5-4F274FD54CC2}.job C:\ProgramData\nvModes.dat C:\ProgramData\rieouguaoxjrkik C:\Users\Andreas Ritler\0.2660351577085618.exe C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000008.@ C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000032.@ C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000064.@ C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000000.@ C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000004.@ C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\000000cb.@ C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\L\00000004.@ C:\Windows\I> in the current context!

Error: Unable to interpret <nstaller\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\@ C:\Users\Andreas Ritler\AppData\Local\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\@ C:\Windows\Tasks\User_Feed_Synchronization-{1BDA6233-D7C4-46FA-AFB5-4F274FD54CC2}.job ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]      > in the current context!


OTL by OldTimer - Version 3.2.54.0 log created on 08042012_115640
         

Old 04.08.2012, 14:54   #4
t'john
/// Helper Team

Bundespolizei Trojaner (Computer-Sperrung) - CH Version



You copied the fix incorrectly!

Use a different browser to copy it out!
Once more!
__________________
Regards, t'john
Support the TB

Old 04.08.2012, 20:21   #5
Chemicus

Bundespolizei Trojaner (Computer-Sperrung) - CH Version



Hello t'john,

after fixing again, here is the logfile:
Code:
ATTFilter
All processes killed

========== OTL ==========

Service vToolbarUpdater11.2.0 stopped successfully!

Service vToolbarUpdater11.2.0 deleted successfully!

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.

C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.

File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename

Prefs.js: "hxxp://www.google.ch/" removed from browser.startup.homepage

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.

File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.

File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.

File WebPrint EX\ewpexhlp.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.

File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pdopxokrwllrelh deleted successfully.

C:\ProgramData\pdopxokr.exe moved successfully.

C:\Users\Andreas Ritler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.

C:\Users\Andreas Ritler\AppData\Roaming\Dropbox\bin\Dropbox.exe moved successfully.

C:\Users\Andreas Ritler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk moved successfully.

C:\Program Files (x86)\Logitech\Ereg\eReg.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save YouTube Video as MP3\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save YouTube Video as MP3\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\Windows\Downloaded Program Files\erma.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\ not found.

File "E:\WD SmartWare.exe" autoplay=true not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37a158a2-dcea-11de-8707-00044b176d89}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37a158a2-dcea-11de-8707-00044b176d89}\ not found.

File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fea5643-cc64-11dd-a2bd-00044b176d89}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fea5643-cc64-11dd-a2bd-00044b176d89}\ not found.

File E:\autorun\autorun.exe /s not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fea5643-cc64-11dd-a2bd-00044b176d89}\ not found.

File E:\autorun\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a0c5601-ba40-11dd-bd3b-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a0c5601-ba40-11dd-bd3b-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85daf5c9-a05c-11de-a1f3-00044b176d89}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85daf5c9-a05c-11de-a1f3-00044b176d89}\ not found.

File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\SanDisk-Games.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{badba9eb-b0f4-11de-adee-00044b176d89}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{badba9eb-b0f4-11de-adee-00044b176d89}\ not found.

File E:\ not found.

ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.

File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000008.@ moved successfully.

C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000032.@ moved successfully.

C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000064.@ moved successfully.

C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000000.@ moved successfully.

C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000004.@ moved successfully.

C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\000000cb.@ moved successfully.

C:\Windows\SysWOW64\pbsvc.exe moved successfully.

========== FILES ==========

File\Folder C:\ProgramData\pdopxokr.exe not found.

File\Folder C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\SanDisk-Games.exe not found.

C:\ProgramData\oqixfbsvwgaqphc folder moved successfully.

C:\ProgramData\nvModes.001 moved successfully.

C:\Windows\tasks\User_Feed_Synchronization-{1BDA6233-D7C4-46FA-AFB5-4F274FD54CC2}.job moved successfully.

C:\ProgramData\nvModes.dat moved successfully.

C:\ProgramData\rieouguaoxjrkik moved successfully.

C:\Users\Andreas Ritler\0.2660351577085618.exe moved successfully.

File\Folder C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000008.@ not found.

File\Folder C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000032.@ not found.

File\Folder C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000064.@ not found.

File\Folder C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000000.@ not found.

File\Folder C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000004.@ not found.

File\Folder C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\000000cb.@ not found.

C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\L\00000004.@ moved successfully.

C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\@ moved successfully.

C:\Users\Andreas Ritler\AppData\Local\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\@ moved successfully.

File\Folder C:\Windows\Tasks\User_Feed_Synchronization-{1BDA6233-D7C4-46FA-AFB5-4F274FD54CC2}.job not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:\Users\Andreas Ritler\Desktop\cmd.bat deleted successfully.

C:\Users\Andreas Ritler\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Andreas Ritler

->Temp folder emptied: 4689011096 bytes

->Temporary Internet Files folder emptied: 6505670987 bytes

->Java cache emptied: 90533 bytes

->FireFox cache emptied: 903541697 bytes

->Flash cache emptied: 29150 bytes

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 20603734 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 11'558.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Andreas Ritler

->Flash cache emptied: 0 bytes

 

User: AppData

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.54.0 log created on 08042012_204418
         


04.08.2012, 20:26   #6
t'john
/// Helper Team
 

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program into the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have findings deleted or quarantined.
- When the scan has finished, click "Show results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its content in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________

05.08.2012, 12:34   #7
Chemicus
 

Hello t'john,

the computer is running again without the trojan appearing. However, I no longer have an internet connection (it finds no networks) and therefore cannot update Malwarebytes Anti-Malware.

I ran a scan anyway (update date: 03.07.2012), but accidentally closed the log file; can I still find it somewhere?

Should I now continue with AdwCleaner, or do I first have to get a more current version of Anti-Malware?

Kind regards,
Chemicus

05.08.2012, 12:37   #8
t'john
/// Helper Team
 

Fixing with OTL

Download OTL by OldTimer (if you do not have it already) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it with a right-click on the program icon and choose "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
:OTL


:Services

:Reg

:Files
ipconfig /flushdns /c
ipconfig /all /c
netsh winsock reset catalog /c
netsh winsock reset /c
netsh int ipv4 reset reset.log /c
netsh int ipv6 reset reset.log /c
:Commands
[purity]
[emptytemp]
[Reboot]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Copy the content of the log file into your thread here in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for readers: the OTL script above was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!
__________________
Kind regards, t'john

05.08.2012, 13:12   #9
Chemicus
 

Here is the log file after the new fix:
Code:
All processes killed

========== OTL ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:\Users\Andreas Ritler\Desktop\cmd.bat deleted successfully.

C:\Users\Andreas Ritler\Desktop\cmd.txt deleted successfully.

< ipconfig /all /c >

Windows IP Configuration

   Host Name . . . . . . . . . . . . : AndreasRitle-PC

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2

   Physical Address. . . . . . . . . : 00-04-4B-17-6D-89

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

   Physical Address. . . . . . . . . : 00-04-4B-17-6D-88

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::d56:6585:118b:6d7b%10(Preferred) 

   Autoconfiguration IPv4 Address. . : 169.254.109.123(Preferred) 

   Subnet Mask . . . . . . . . . . . : 0.0.0.0

   Default Gateway . . . . . . . . . : 

   DNS Servers . . . . . . . . . . . : 192.168.1.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : isatap.{57061A8D-1390-4425-B6EC-7F164293DEDD}

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 02-00-54-55-4E-01

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : isatap.{8610D1D7-C4E1-49C0-A4FB-631EAF5277C6}

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

C:\Users\Andreas Ritler\Desktop\cmd.bat deleted successfully.

C:\Users\Andreas Ritler\Desktop\cmd.txt deleted successfully.

< netsh winsock reset catalog /c >

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

The following helper DLL cannot be loaded: IFMON.DLL.

The following command was not found: winsock reset catalog.

C:\Users\Andreas Ritler\Desktop\cmd.bat deleted successfully.

C:\Users\Andreas Ritler\Desktop\cmd.txt deleted successfully.

< netsh winsock reset /c >

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

The following helper DLL cannot be loaded: IFMON.DLL.

The following command was not found: winsock reset.

C:\Users\Andreas Ritler\Desktop\cmd.bat deleted successfully.

C:\Users\Andreas Ritler\Desktop\cmd.txt deleted successfully.

< netsh int ipv4 reset reset.log /c >

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

The following helper DLL cannot be loaded: IFMON.DLL.

The following command was not found: int ipv4 reset reset.log.

C:\Users\Andreas Ritler\Desktop\cmd.bat deleted successfully.

C:\Users\Andreas Ritler\Desktop\cmd.txt deleted successfully.

< netsh int ipv6 reset reset.log /c >

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

The following helper DLL cannot be loaded: IFMON.DLL.

The following command was not found: int ipv6 reset reset.log.

C:\Users\Andreas Ritler\Desktop\cmd.bat deleted successfully.

C:\Users\Andreas Ritler\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Andreas Ritler

->Temp folder emptied: 120482 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 6064131 bytes

->Flash cache emptied: 0 bytes

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 6.00 mb

 

 

OTL by OldTimer - Version 3.2.54.0 log created on 08052012_140148



Files\Folders moved on Reboot...

C:\Users\Andreas Ritler\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.



PendingFileRenameOperations files...

File C:\Users\Andreas Ritler\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!



Registry entries deleted on Reboot...
         
I should perhaps also mention that booting the computer now takes noticeably longer.

Kind regards, Chemicus
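
The two logs above, read together, point at why the network went away: the first OTL fix deleted every entry under Protocol_Catalog9\Catalog_Entries and Catalog_Entries64, and the netsh commands in the second fix then fail with error 10107 (WSASYSNOTREADY), because netsh itself needs a working Winsock to load its helper DLLs. The following Python script is an added example for this thread, not OTL's own code and not something either participant posted; it classifies the action lines of an OTL fix log and flags Winsock catalog deletions so that this side effect is spotted before the reboot rather than after. The sample lines are constructed from the log posted above.

```python
"""Triage helper for OTL fix logs.

Added example for this thread; it is not OTL's own code and was not posted
by the helper. It classifies each action line of an OTL fix log and flags one
pattern in particular: deletion of Winsock2 Protocol_Catalog9 entries. With an
emptied catalog the socket layer cannot initialise, which is consistent with
the follow-up log (APIPA address 169.254.x.x, netsh failing with 10107).
"""
import re
from collections import Counter

# Constructed sample: a few lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Service vToolbarUpdater11.2.0 deleted successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pdopxokrwllrelh deleted successfully.
C:\ProgramData\pdopxokr.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000008.@ moved successfully.
C:\ProgramData\oqixfbsvwgaqphc folder moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
"""

# One OTL action line: optional object kind, the target, then a status phrase.
LINE_RE = re.compile(
    r"^(?:(?P<kind>64bit-Registry key|Registry key|Registry value|File\\Folder|"
    r"File move failed\.|File|Service|ADS)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<status>deleted successfully[.!]|folder moved successfully\.|moved successfully\."
    r"|not found\.|scheduled to be moved on reboot\.|stopped successfully!|value set successfully!)$"
)

OUTCOMES = {
    "deleted successfully.": "deleted",
    "deleted successfully!": "deleted",
    "moved successfully.": "moved",
    "folder moved successfully.": "moved",
    "not found.": "not_found",
    "scheduled to be moved on reboot.": "deferred",
    "stopped successfully!": "stopped",
    "value set successfully!": "value_set",
}

# A deleted Winsock catalog entry, in either the 32-bit or the 64-bit view.
WINSOCK_RE = re.compile(
    r"\\WinSock2\\Parameters\\Protocol_Catalog9\\(Catalog_Entries(?:64)?)\\(\d+)\\?$"
)


def parse_otl_log(text):
    """Return one dict per action line (kind, target, outcome); section headers
    such as '========== OTL ==========' and '[EMPTYTEMP]' are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=") or line.startswith("["):
            continue
        m = LINE_RE.match(line)
        if not m:
            entries.append({"kind": None, "target": line, "outcome": "other"})
            continue
        entries.append({"kind": m.group("kind"), "target": m.group("target"),
                        "outcome": OUTCOMES[m.group("status")]})
    return entries


def summarize(entries):
    """Count outcomes: how much of the fix hit a live artefact vs. 'not found'."""
    return Counter(e["outcome"] for e in entries)


def winsock_catalog_deletions(entries):
    """Map catalog view ('Catalog_Entries' / 'Catalog_Entries64') to the entry
    numbers the fix deleted."""
    hits = {}
    for e in entries:
        if e["outcome"] != "deleted":
            continue
        m = WINSOCK_RE.search(e["target"])
        if m:
            hits.setdefault(m.group(1), []).append(m.group(2))
    return hits


def network_breakage_expected(entries):
    """True when the fix removed Winsock catalog entries. Each entry is one
    protocol or LSP provider; with the catalog emptied WSAStartup fails with
    WSASYSNOTREADY (10107), so a 'netsh winsock reset' issued afterwards
    cannot even load its helpers, as in the follow-up log."""
    return bool(winsock_catalog_deletions(entries))


def report(text):
    """Human-readable summary with a warning line per affected catalog view."""
    entries = parse_otl_log(text)
    lines = [f"{k}: {v}" for k, v in sorted(summarize(entries).items())]
    for view, ids in sorted(winsock_catalog_deletions(entries).items()):
        lines.append(f"WARNING: {len(ids)} {view} Winsock entries deleted ({', '.join(ids)})")
    if network_breakage_expected(entries):
        lines.append("Expect loss of network connectivity until the catalog is restored.")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it on a full C:\_OTL\MovedFiles\<date>.log before rebooting: a non-empty result from winsock_catalog_deletions means the Winsock catalog must be restored (for example from an export of the WinSock2 key of a clean machine with the same Windows version and architecture) before any netsh-based repair can run.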

05.08.2012, 20:45   #10
t'john
/// Helper Team
 

Removing malware with ComboFix

Download ComboFix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, nowhere else; this is important!
Follow the detailed original guide.

ComboFix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Preparation and important notes

  • During the ComboFix scan, disable antivirus and antispyware programs, the firewall and any script blocking (Norton).
  • List of programs to disable.
    If anything is unclear, please ask.


  • ComboFix will reset your screensaver settings.
  • You can change these settings back once our cleanup is finished.
  • Do nothing else if you did not manage to run ComboFix.
  • Tell us and wait for our instructions.


  • Start ComboFix.exe with right-click => Run as administrator and follow the instructions.
  • Do nothing else on the computer while ComboFix is running!
  • Accept the terms (disclaimer) with "Yes".


  • If ComboFix offers a newer version, allow the download.
  • Click "Yes" to continue with the malware scan.
  • A blue command prompt appears; ComboFix is being prepared for the scan.
  • Please do not click into this ComboFix window.
  • That could freeze or hang your system.
  • A backup of your registry is created.
  • The individual stages of the program are now worked through; this can take a while.


  • When ComboFix is finished it will create a log (please wait, this takes a moment).
  • Be sure to wait until the ComboFix window has closed and the log file appears in the editor.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.


  • Note: for various reasons ComboFix makes Internet Explorer the default browser and creates an IE icon on the desktop.
  • You can delete the IE desktop icon after the cleanup and set your preferred browser as default again.



Do not use ComboFix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or damage it permanently!
__________________
Kind regards, t'john

05.08.2012, 23:15   #11
Chemicus
 

Hello t'john,

I have disabled AVG 2012, but ComboFix still shows the message that the AVG real-time scanner is still active (I also followed the guide in the link, but the "disable real protection" button was missing (there was only an OK), although that guide describes version 2011). And when I tried to abort ComboFix via the close-window icon, this message appeared:

The above real-time scanners are still active, but ComboFix will continue with the scan anyway. Please note that this happens at your own risk.

I am wary of clicking OK, but I cannot seem to stop ComboFix. Do I have to shut AVG down completely via the console (if so, do you have instructions for me) before I click OK?

In the AVG menu everything is shown as inactive!

Regards, Chemicus

06.08.2012, 02:23   #12
t'john
/// Helper Team
 

Uninstall AVG temporarily.
__________________
Kind regards, t'john

06.08.2012, 12:30   #13
Chemicus
 

I could have thought of that myself...

Here are the requested log files:


Code:
ComboFix 12-08-05.02 - Andreas Ritler 06.08.2012  11:54:45.1.4 - x64
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.4094.3065 [GMT 2:00]
Running from: C:\Users\Andreas Ritler\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Andreas Ritler\Desktop\Andreas\rl\Uni Bern\Lehninger Principles of Biochemistry 4e\Desktop_.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\IsUn0407.exe

C:\Windows\system32\Services.exe . . . is infected!!


(((((((((((((((((((((((   Files Created from 2012-07-06 to 2012-08-06  ))))))))))))))))))))))))))))))


2074-05-18 15:44:52 . 2008-03-21 12:46:13	607296	----a-w-	C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-08-06 10:43:55 . 2012-08-06 10:43:55	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2012-08-06 09:33:11 . 2012-08-06 09:33:11	--------	d-----w-	C:\Windows\SysWow64\drivers\AVG
2012-08-05 01:07:47 . 2012-08-05 01:07:47	--------	d-----w-	C:\Users\Andreas Ritler\AppData\Roaming\Malwarebytes
2012-08-05 01:07:37 . 2012-08-05 01:07:37	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-08-05 01:07:37 . 2012-07-03 11:46:44	24904	----a-w-	C:\Windows\system32\drivers\mbam.sys
2012-08-05 01:07:36 . 2012-08-05 01:07:38	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-04 09:56:40 . 2012-08-04 09:56:40	--------	d-----w-	C:\_OTL
2012-07-21 15:08:09 . 2012-06-13 13:58:27	2769408	----a-w-	C:\Windows\system32\win32k.sys
2012-07-21 15:01:56 . 2012-04-23 16:25:30	174592	----a-w-	C:\Windows\system32\cryptsvc.dll
2012-07-21 15:01:56 . 2012-04-23 16:25:30	132096	----a-w-	C:\Windows\system32\cryptnet.dll
2012-07-21 15:01:56 . 2012-04-23 16:25:30	1267200	----a-w-	C:\Windows\system32\crypt32.dll
2012-07-21 15:01:56 . 2012-04-23 16:00:53	984064	----a-w-	C:\Windows\SysWow64\crypt32.dll
2012-07-21 15:01:56 . 2012-04-23 16:00:53	98304	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2012-07-21 15:01:56 . 2012-04-23 16:00:53	133120	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2012-07-21 15:01:28 . 2012-06-05 16:47:10	708608	----a-w-	C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-21 15:01:28 . 2012-06-05 16:22:28	974848	----a-w-	C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-21 15:01:00 . 2012-06-05 16:47:28	1401856	----a-w-	C:\Windows\SysWow64\msxml6.dll
2012-07-21 15:01:00 . 2012-06-05 16:47:27	1248768	----a-w-	C:\Windows\SysWow64\msxml3.dll
2012-07-21 15:01:00 . 2012-06-05 16:22:47	1797120	----a-w-	C:\Windows\system32\msxml6.dll
2012-07-21 15:01:00 . 2012-06-05 16:22:46	1869824	----a-w-	C:\Windows\system32\msxml3.dll
2012-07-21 15:00:37 . 2012-06-04 15:29:59	516480	----a-w-	C:\Windows\system32\drivers\ksecdd.sys
2012-07-21 15:00:37 . 2012-06-02 00:22:56	347136	----a-w-	C:\Windows\system32\schannel.dll
2012-07-21 15:00:37 . 2012-06-02 00:22:10	254464	----a-w-	C:\Windows\system32\ncrypt.dll
2012-07-21 15:00:37 . 2012-06-02 00:05:11	77312	----a-w-	C:\Windows\SysWow64\secur32.dll
2012-07-21 15:00:37 . 2012-06-02 00:04:25	278528	----a-w-	C:\Windows\SysWow64\schannel.dll
2012-07-21 15:00:37 . 2012-06-02 00:03:42	204288	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-07-21 14:59:45 . 2012-06-08 17:59:03	12899840	----a-w-	C:\Windows\system32\shell32.dll
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-21 16:00:28 . 2012-04-07 20:12:26	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-21 16:00:28 . 2011-06-13 09:07:58	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-21 15:09:11 . 2006-11-02 12:35:00	59701280	----a-w-	C:\Windows\system32\mrt.exe
2012-07-08 18:54:31 . 2009-03-03 15:38:14	281872	----a-w-	C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-08 18:54:31 . 2008-11-25 18:27:23	281872	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2012-07-08 18:53:53 . 2008-11-25 18:27:23	215152	----a-w-	C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-26 10:42:38 . 2008-11-25 18:27:21	76888	----a-w-	C:\Windows\SysWow64\PnkBstrA.exe
2012-06-02 22:19:46 . 2012-06-19 09:00:04	38424	----a-w-	C:\Windows\system32\wups.dll
2012-06-02 22:19:43 . 2012-06-19 09:00:30	2428952	----a-w-	C:\Windows\system32\wuaueng.dll
2012-06-02 22:19:42 . 2012-06-19 09:00:30	57880	----a-w-	C:\Windows\system32\wuauclt.exe
2012-06-02 22:19:42 . 2012-06-19 09:00:30	44056	----a-w-	C:\Windows\system32\wups2.dll
2012-06-02 22:19:32 . 2012-06-19 09:00:04	35864	----a-w-	C:\Windows\SysWow64\wups.dll
2012-06-02 22:19:23 . 2012-06-19 09:00:04	701976	----a-w-	C:\Windows\system32\wuapi.dll
2012-06-02 22:19:23 . 2012-06-19 09:00:04	577048	----a-w-	C:\Windows\SysWow64\wuapi.dll
2012-06-02 22:15:31 . 2012-06-19 09:00:30	2622464	----a-w-	C:\Windows\system32\wucltux.dll
2012-06-02 22:15:08 . 2012-06-19 09:00:04	99840	----a-w-	C:\Windows\system32\wudriver.dll
2012-06-02 22:12:13 . 2012-06-19 09:00:04	88576	----a-w-	C:\Windows\SysWow64\wudriver.dll
2012-06-02 13:19:42 . 2012-06-19 08:59:54	186752	----a-w-	C:\Windows\system32\wuwebv.dll
2012-06-02 13:19:42 . 2012-06-19 08:59:54	171904	----a-w-	C:\Windows\SysWow64\wuwebv.dll
2012-06-02 13:15:12 . 2012-06-19 08:59:54	36864	----a-w-	C:\Windows\system32\wuapp.exe
2012-06-02 13:12:20 . 2012-06-19 08:59:54	33792	----a-w-	C:\Windows\SysWow64\wuapp.exe
2012-05-15 06:37:49 . 2012-06-13 08:55:24	916992	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-05-15 06:32:25 . 2012-06-13 08:55:20	43520	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2012-05-15 06:32:00 . 2012-06-13 08:55:20	1469440	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-05-15 06:31:44 . 2012-06-13 08:55:20	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2012-05-15 06:31:43 . 2012-06-13 08:55:20	71680	----a-w-	C:\Windows\SysWow64\iesetup.dll
2012-05-15 05:01:56 . 2012-06-13 08:55:20	385024	----a-w-	C:\Windows\SysWow64\html.iec
2012-05-15 03:26:05 . 2012-06-13 08:55:20	133632	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-05-15 03:23:41 . 2012-06-13 08:55:19	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-05-15 02:19:57 . 2012-06-13 08:55:21	1147392	----a-w-	C:\Windows\system32\wininet.dll
2012-05-15 02:19:43 . 2012-06-13 08:55:21	1488384	----a-w-	C:\Windows\system32\urlmon.dll
2012-05-15 02:19:43 . 2012-06-13 08:55:20	108032	----a-w-	C:\Windows\system32\url.dll
2012-05-15 02:18:19 . 2012-06-13 08:55:21	243712	----a-w-	C:\Windows\system32\occache.dll
2012-05-15 02:16:23 . 2012-06-13 08:55:21	1062912	----a-w-	C:\Windows\system32\mstime.dll
2012-05-15 02:15:51 . 2012-06-13 08:55:24	9328640	----a-w-	C:\Windows\system32\mshtml.dll
2012-05-15 02:15:51 . 2012-06-13 08:55:21	98304	----a-w-	C:\Windows\system32\mshtmled.dll
2012-05-15 02:15:47 . 2012-06-13 08:55:22	742912	----a-w-	C:\Windows\system32\msfeeds.dll
2012-05-15 02:15:47 . 2012-06-13 08:55:21	71680	----a-w-	C:\Windows\system32\msfeedsbs.dll
2012-05-15 02:15:14 . 2012-06-13 08:55:20	56832	----a-w-	C:\Windows\system32\licmgr10.dll
2012-05-15 02:15:01 . 2012-06-13 08:55:20	31744	----a-w-	C:\Windows\system32\jsproxy.dll
2012-05-15 02:14:53 . 2012-06-13 08:55:20	1538560	----a-w-	C:\Windows\system32\inetcpl.cpl
2012-05-15 02:14:26 . 2012-06-13 08:55:21	2350592	----a-w-	C:\Windows\system32\iertutil.dll
2012-05-15 02:14:26 . 2012-06-13 08:55:20	77312	----a-w-	C:\Windows\system32\iesetup.dll
2012-05-15 02:14:26 . 2012-06-13 08:55:20	219136	----a-w-	C:\Windows\system32\ieui.dll
2012-05-15 02:14:26 . 2012-06-13 08:55:20	132096	----a-w-	C:\Windows\system32\iesysprep.dll
2012-05-15 02:14:24 . 2012-06-13 08:55:20	72192	----a-w-	C:\Windows\system32\iernonce.dll
2012-05-15 02:14:23 . 2012-06-13 08:55:23	12508672	----a-w-	C:\Windows\system32\ieframe.dll
2012-05-15 02:14:23 . 2012-06-13 08:55:21	252416	----a-w-	C:\Windows\system32\iepeers.dll
2012-05-15 02:14:12 . 2012-06-13 08:55:21	459776	----a-w-	C:\Windows\system32\iedkcs32.dll
2012-05-15 01:21:55 . 2012-06-13 08:55:20	479232	----a-w-	C:\Windows\system32\html.iec
2012-05-15 00:40:32 . 2012-06-13 08:55:20	162816	----a-w-	C:\Windows\system32\ieUnatt.exe
2012-05-15 00:40:10 . 2012-06-13 08:55:19	70656	----a-w-	C:\Windows\system32\ie4uinit.exe
2012-05-15 00:39:38 . 2012-06-13 08:55:19	12288	----a-w-	C:\Windows\system32\msfeedssync.exe
2012-05-15 00:39:13 . 2012-06-13 08:55:19	1638912	----a-w-	C:\Windows\system32\mshtml.tlb
2012-05-10 13:22:26 . 2012-05-10 13:22:26	53248	----a-r-	C:\Users\Andreas Ritler\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2009-04-11 07:10:50 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386 (vista_rtm.061101-2205)] .. C:\Windows\system32\services.exe

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	94208	----a-w-	C:\Users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	94208	----a-w-	C:\Users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	94208	----a-w-	C:\Users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 18:06:18 59280]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 09:07:56 843712]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 12:02:04 254696]
"LWS"="C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 12:08:06 205336]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-18 18:56:22 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 17:33:22 421776]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-4 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	97792	----a-w-	C:\Users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	97792	----a-w-	C:\Users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	97792	----a-w-	C:\Users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	97792	----a-w-	C:\Users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-05-01 00:46:08 16299552]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 02:10:00 2184520]
"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 01:40:00 767312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Zusätzlicher Suchlauf -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.ch/
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Free YouTube Download - C:\Users\Andreas Ritler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Andreas Ritler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - C:\Users\Andreas Ritler\AppData\Roaming\Mozilla\Firefox\Profiles\v1ov691r.default\

- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-'Das Achte Weltwunder' - C:\Windows\IsUn0407.exe
AddRemove-Adobe Photoshop 7.0 - C:\WINDOWS\ISUN0407.EXE
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - C:\Windows\system32\pbsvc.exe
         
Code:
'Das Achte Weltwunder'
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.5.1 - Deutsch
Adobe Shockwave Player 11.5
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Age of Wonders Shadow Magic
AoW...
Apple Application Support
Apple Software Update
Assassin's Creed
Assassin's Creed II
Biolab ´07
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.3 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.4.1 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
CameraHelperMsi
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP550 series Benutzerregistrierung
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Chemicus
Chemicus II
ChemOffice Ultra 7.0
Conduit Engine
Dead Island
DivX-Setup
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
Dropbox
DVDVideoSoftTB Toolbar
erLT
Fallout
Fallout 3
Fallout Tactics
Fallout: New Vegas
Fallout2
FileZilla Client 3.5.1
Free Audio CD Burner version 1.4.7
Free YouTube Download version 2.10.31
Free YouTube to MP3 Converter version 3.10.5.722
GUILD WARS
Hitman 2: Silent Assassin
Hitman: Blood Money
Hitman: Codename 47
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
J2SE Runtime Environment 5.0 Update 1
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 31
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware Version 1.62.0.1300
Mercury
Microsoft Age of Empires
Microsoft Age of Empires Expansion
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 13.0.1 (x86 de)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
Oblivion
Origin
Pazera Free MOV to AVI Converter 1.4
Physicus II ´07
Physikus ´07
PunkBuster Services
PyMOL
QuickTime
Robin Hood - Die Legende von Sherwood
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Sniper: Ghost Warrior
Sony Net MD Help
Spelling Dictionaries Support For Adobe Reader 9
SpinWorks_3
SPORE™
SPORE™ Galaktische Abenteuer
Steam
Stronghold
Stronghold 2
Stronghold Crusader Extreme
Stronghold Legends
System Requirements Lab
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
tsWebEditor 20060920
Two Worlds
Two Worlds II
Ubisoft Game Launcher
Ultima Online: Mondain's Legacy
Uninstall 1.0.0.1
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VideoLAN VLC media player 0.8.6d
Visual Studio 2008 x64 Redistributables
WinRAR Archivierer
Zoo Tycoon-Erweiterungen
         
Kind regards, Chemicus

Alt 06.08.2012, 15:28   #14
t'john
/// Helfer-Team
 



ComboFix - scripting

1. Start Notepad (Start / Run / notepad [Enter]).

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Filelook::
c:\windows\system32\Services.exe
         
3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the restart (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was written for this one user in this situation only. It cannot be ported to any other machine and must not be used elsewhere, as it can permanently damage the system!
__________________
Regards, t'john
Support the TB

Alt 06.08.2012, 16:35   #15
Chemicus
 



Logfile:

Combofix Logfile:
Code:
ComboFix 12-08-05.02 - Andreas Ritler 06.08.2012  17:04:21.2.4 - x64
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.4094.2902 [GMT 2:00]
ausgeführt von:: c:\users\Andreas Ritler\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Andreas Ritler\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
---- Vorheriger Suchlauf -------
.
c:\users\Andreas Ritler\Desktop\Andreas\rl\Uni Bern\Lehninger Principles of Biochemistry 4e\Desktop_.ini
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\IsUn0407.exe
.
-- Vorheriger Suchlauf --
.
c:\windows\system32\Services.exe . . . ist infiziert!!
.
--------
.
c:\windows\system32\Services.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-06 bis 2012-08-06  ))))))))))))))))))))))))))))))
.
.
2074-05-18 15:44 . 2008-03-21 12:46	607296	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-08-06 15:14 . 2012-08-06 15:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-06 09:33 . 2012-08-06 09:33	--------	d-----w-	c:\windows\SysWow64\drivers\AVG
2012-08-05 01:07 . 2012-08-05 01:07	--------	d-----w-	c:\users\Andreas Ritler\AppData\Roaming\Malwarebytes
2012-08-05 01:07 . 2012-08-05 01:07	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-05 01:07 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-05 01:07 . 2012-08-05 01:07	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-04 09:56 . 2012-08-04 09:56	--------	d-----w-	C:\_OTL
2012-07-21 15:08 . 2012-06-13 13:58	2769408	----a-w-	c:\windows\system32\win32k.sys
2012-07-21 15:01 . 2012-04-23 16:25	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-07-21 15:01 . 2012-04-23 16:25	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-07-21 15:01 . 2012-04-23 16:25	1267200	----a-w-	c:\windows\system32\crypt32.dll
2012-07-21 15:01 . 2012-04-23 16:00	984064	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-07-21 15:01 . 2012-04-23 16:00	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-07-21 15:01 . 2012-04-23 16:00	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-07-21 15:01 . 2012-06-05 16:47	708608	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-21 15:01 . 2012-06-05 16:22	974848	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-21 15:01 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-07-21 15:01 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-07-21 15:01 . 2012-06-05 16:22	1797120	----a-w-	c:\windows\system32\msxml6.dll
2012-07-21 15:01 . 2012-06-05 16:22	1869824	----a-w-	c:\windows\system32\msxml3.dll
2012-07-21 15:00 . 2012-06-04 15:29	516480	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-21 15:00 . 2012-06-02 00:22	347136	----a-w-	c:\windows\system32\schannel.dll
2012-07-21 15:00 . 2012-06-02 00:22	254464	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-21 15:00 . 2012-06-02 00:05	77312	----a-w-	c:\windows\SysWow64\secur32.dll
2012-07-21 15:00 . 2012-06-02 00:04	278528	----a-w-	c:\windows\SysWow64\schannel.dll
2012-07-21 15:00 . 2012-06-02 00:03	204288	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-07-21 14:59 . 2012-06-08 17:59	12899840	----a-w-	c:\windows\system32\shell32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 16:00 . 2012-04-07 20:12	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 16:00 . 2011-06-13 09:07	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-21 15:09 . 2006-11-02 12:35	59701280	----a-w-	c:\windows\system32\mrt.exe
2012-07-08 18:54 . 2009-03-03 15:38	281872	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-07-08 18:54 . 2008-11-25 18:27	281872	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-07-08 18:53 . 2008-11-25 18:27	215152	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-06-26 10:42 . 2008-11-25 18:27	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-06-02 22:19 . 2012-06-19 09:00	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 09:00	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 09:00	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 09:00	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 09:00	35864	----a-w-	c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-19 09:00	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 09:00	577048	----a-w-	c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-19 09:00	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 09:00	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-19 09:00	88576	----a-w-	c:\windows\SysWow64\wudriver.dll
2012-06-02 13:19 . 2012-06-19 08:59	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:19 . 2012-06-19 08:59	171904	----a-w-	c:\windows\SysWow64\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 08:59	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 13:12 . 2012-06-19 08:59	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2012-05-15 06:37 . 2012-06-13 08:55	916992	----a-w-	c:\windows\SysWow64\wininet.dll
2012-05-15 06:32 . 2012-06-13 08:55	43520	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 08:55	1469440	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 08:55	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 08:55	71680	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-05-15 05:01 . 2012-06-13 08:55	385024	----a-w-	c:\windows\SysWow64\html.iec
2012-05-15 03:26 . 2012-06-13 08:55	133632	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 08:55	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-05-15 02:19 . 2012-06-13 08:55	1147392	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 02:19 . 2012-06-13 08:55	1488384	----a-w-	c:\windows\system32\urlmon.dll
2012-05-15 02:19 . 2012-06-13 08:55	108032	----a-w-	c:\windows\system32\url.dll
2012-05-15 02:18 . 2012-06-13 08:55	243712	----a-w-	c:\windows\system32\occache.dll
2012-05-15 02:16 . 2012-06-13 08:55	1062912	----a-w-	c:\windows\system32\mstime.dll
2012-05-15 02:15 . 2012-06-13 08:55	9328640	----a-w-	c:\windows\system32\mshtml.dll
2012-05-15 02:15 . 2012-06-13 08:55	98304	----a-w-	c:\windows\system32\mshtmled.dll
2012-05-15 02:15 . 2012-06-13 08:55	742912	----a-w-	c:\windows\system32\msfeeds.dll
2012-05-15 02:15 . 2012-06-13 08:55	71680	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-05-15 02:15 . 2012-06-13 08:55	56832	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-15 02:15 . 2012-06-13 08:55	31744	----a-w-	c:\windows\system32\jsproxy.dll
2012-05-15 02:14 . 2012-06-13 08:55	1538560	----a-w-	c:\windows\system32\inetcpl.cpl
2012-05-15 02:14 . 2012-06-13 08:55	2350592	----a-w-	c:\windows\system32\iertutil.dll
2012-05-15 02:14 . 2012-06-13 08:55	77312	----a-w-	c:\windows\system32\iesetup.dll
2012-05-15 02:14 . 2012-06-13 08:55	219136	----a-w-	c:\windows\system32\ieui.dll
2012-05-15 02:14 . 2012-06-13 08:55	132096	----a-w-	c:\windows\system32\iesysprep.dll
2012-05-15 02:14 . 2012-06-13 08:55	72192	----a-w-	c:\windows\system32\iernonce.dll
2012-05-15 02:14 . 2012-06-13 08:55	12508672	----a-w-	c:\windows\system32\ieframe.dll
2012-05-15 02:14 . 2012-06-13 08:55	252416	----a-w-	c:\windows\system32\iepeers.dll
2012-05-15 02:14 . 2012-06-13 08:55	459776	----a-w-	c:\windows\system32\iedkcs32.dll
2012-05-15 01:21 . 2012-06-13 08:55	479232	----a-w-	c:\windows\system32\html.iec
2012-05-15 00:40 . 2012-06-13 08:55	162816	----a-w-	c:\windows\system32\ieUnatt.exe
2012-05-15 00:40 . 2012-06-13 08:55	70656	----a-w-	c:\windows\system32\ie4uinit.exe
2012-05-15 00:39 . 2012-06-13 08:55	12288	----a-w-	c:\windows\system32\msfeedssync.exe
2012-05-15 00:39 . 2012-06-13 08:55	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-05-10 13:22 . 2012-05-10 13:22	53248	----a-r-	c:\users\Andreas Ritler\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\Services.exe ---
Company: Microsoft Corporation
File Description: Anwendung für Dienste und Controller
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: services.exe.mui
File size: 384512
Created time: 2010-03-18 16:50
Modified time: 2009-04-11 07:10
MD5: BC81150939BD52DBC7A08C245F1FB229
SHA1: D1348C7CA52F3F43E2EED784D6BABD07B29EC514
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((((   SnapShot@2012-08-06_10.48.59   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:09 . 2012-08-06 15:21	73718              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-24 16:07 . 2012-08-06 15:21	27418              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1633775851-3168524374-439798674-1000_UserData.bin
- 2008-11-24 17:21 . 2012-08-05 17:07	707454              c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-11-24 17:21 . 2012-08-06 14:56	707454              c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:44 . 2012-08-06 15:21	202976              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2012-08-06 09:56	586980              c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-06 11:27	586980              c:\windows\system32\perfh009.dat
- 2008-01-21 10:46 . 2012-08-06 09:56	618204              c:\windows\system32\perfh007.dat
+ 2008-01-21 10:46 . 2012-08-06 11:27	618204              c:\windows\system32\perfh007.dat
- 2006-11-02 12:46 . 2012-08-06 09:56	101052              c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-08-06 11:27	101052              c:\windows\system32\perfc009.dat
- 2008-01-21 10:46 . 2012-08-06 09:56	122636              c:\windows\system32\perfc007.dat
+ 2008-01-21 10:46 . 2012-08-06 11:27	122636              c:\windows\system32\perfc007.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-4 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Andreas Ritler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 16299552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ch/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Andreas Ritler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Andreas Ritler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Andreas Ritler\AppData\Roaming\Mozilla\Firefox\Profiles\v1ov691r.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1633775851-3168524374-439798674-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1633775851-3168524374-439798674-1000\Software\SecuROM\License information*]
"datasecu"=hex:e3,45,67,cc,a9,7d,74,3b,83,9b,d5,9b,da,a0,87,59,6f,f6,11,bc,1d,
   62,62,fb,70,b5,d7,ab,26,6d,56,6e,16,cf,39,0c,92,11,6c,83,f8,76,2b,24,1d,f0,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-06  17:29:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-06 15:29
.
Vor Suchlauf: 18 Verzeichnis(se), 77'519'425'536 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 77'291'503'616 Bytes frei
.
- - End Of File - - 4B2925AF64D30AF7464520F202A5DE02
         

Regards, Chemicus

