
Log Analysis and Evaluation: Ukash Trojan


 
24.07.2012, 17:45   #1
Orchidee

Ukash Trojan



Hello,
my laptop has unfortunately been infected by the Ukash Trojan and I look forward to your help.
I am on the Internet with another PC and am working on the laptop in parallel.

The Malwarebytes Anti-Malware scan is done.

How do I proceed now?

Best regards
Susanne


Here is the log file:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
***:: ***-PC [Administrator]

Schutz: Deaktiviert

24.07.2012 18:21:32
mbam-log-2012-07-24 (18-21-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198038
Laufzeit: 5 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Local\Temp\ICReinstall\PDFConverterSetup.exe (Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hello,
it's me again.

I have now followed the instructions:
Step 1: installed defogger and ran it, no error message.
Step 2: installed OTL and ran it. The OTL.txt file is pasted here; Extras.txt will follow shortly.

OTL Logfile:
Code:
OTL logfile created on: 24.07.2012 19:43:18 - Run 2
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,29% Memory free
6,18 Gb Paging File | 5,86 Gb Available in Paging File | 94,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 299,02 Gb Free Space | 64,20% Space Free | Partition Type: NTFS
Drive F: | 243,23 Mb Total Space | 158,41 Mb Free Space | 65,13% Space Free | Partition Type: FAT
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.24 19:02:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 14:11:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 16:27:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.19 15:48:08 | 000,411,136 | ---- | M] () [Auto | Stopped] -- C:\Programme\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2011.07.02 12:16:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.30 00:08:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.11.18 20:19:28 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008.11.17 19:22:44 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008.07.04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\vmwvusb.sys -- (vmwvusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.02 12:16:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 12:16:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.18 20:19:28 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.11.15 00:29:34 | 004,016,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.19 01:00:00 | 000,269,536 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA008Vid.sys -- (OA008Vid)
DRV - [2008.06.19 18:47:02 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2008.06.03 17:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV - [2008.05.21 04:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.02.15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {FE310632-06FE-46C4-B784-22BCBADA4979}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{12080EC1-8850-425A-A8E8-7234DE94F751}: "URL" = hxxp://opacplus.bsb-muenchen.de/search?query={searchTerms}
IE - HKCU\..\SearchScopes\{7A7A039A-186C-433C-B3A2-EC2D3B8F6B44}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{F44DBB4D-6AC7-4656-8D58-062561C69C2F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=1B6C115B-1443-410A-863E-37328261F6BA&apn_sauid=EAA003FB-4DCE-4740-B82B-072F88915812
IE - HKCU\..\SearchScopes\{FE310632-06FE-46C4-B784-22BCBADA4979}: "URL" = hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.17.1.5:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..network.proxy.backup.ftp: "172.17.1.5"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "172.17.1.5"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "172.17.1.5"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "172.17.1.5"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "172.17.1.5"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.17.1.5"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.17.1.5"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.06.25 23:30:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 14:11:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 14:11:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.28 09:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.12 22:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6k5he8a9.default\extensions
[2012.07.12 22:24:45 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6k5he8a9.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012.06.11 10:46:57 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6k5he8a9.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.04.07 14:12:04 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6k5he8a9.default\extensions\toolbar@ask.com
[2012.06.29 07:47:03 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\11-suche.xml
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\askcom.xml
[2012.07.17 21:07:19 | 000,001,424 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\bsb-opacplus.xml
[2012.06.29 07:47:03 | 000,002,209 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 07:47:03 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\gmx-suche.xml
[2012.06.29 07:47:03 | 000,002,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\lastminute.xml
[2012.02.25 15:31:08 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\sweetim.xml
[2012.06.29 07:47:03 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\webde-suche.xml
[2012.05.05 21:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.21 05:41:24 | 000,377,145 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6K5HE8A9.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012.06.29 07:46:58 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6K5HE8A9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.07.19 14:11:48 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.26 23:22:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 23:22:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.26 23:22:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 23:22:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 23:22:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 23:22:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [WinSyncProviders] C:\Users\***\AppData\Local\Microsoft\Windows\4123\WinSyncProviders.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110421095241 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F1D3F3B-1A70-4B35-B45E-DE5AEA30E739}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\Documents\Pictures\2011_02 Südindien\2011-03-04 10-42-58 - P1090847.JPG
O24 - Desktop BackupWallPaper: C:\Users\***\Documents\Pictures\2011_02 Südindien\2011-03-04 10-42-58 - P1090847.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{13cf8d15-7bba-11e1-ab01-0009dd64f772}\Shell - "" = AutoRun
O33 - MountPoints2\{13cf8d15-7bba-11e1-ab01-0009dd64f772}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{13cf8d1f-7bba-11e1-ab01-0009dd64f772}\Shell - "" = AutoRun
O33 - MountPoints2\{13cf8d1f-7bba-11e1-ab01-0009dd64f772}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7b19276e-5db0-11e0-949a-0009dd64f772}\Shell - "" = AutoRun
O33 - MountPoints2\{7b19276e-5db0-11e0-949a-0009dd64f772}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7b1928fb-5db0-11e0-949a-002219f094f5}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1928fb-5db0-11e0-949a-002219f094f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7b1928fc-5db0-11e0-949a-002219f094f5}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1928fc-5db0-11e0-949a-002219f094f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b64e0d4b-7e85-11e1-ac73-0009dd64f772}\Shell - "" = AutoRun
O33 - MountPoints2\{b64e0d4b-7e85-11e1-ac73-0009dd64f772}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b64e0d4c-7e85-11e1-ac73-0009dd64f772}\Shell - "" = AutoRun
O33 - MountPoints2\{b64e0d4c-7e85-11e1-ac73-0009dd64f772}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 19:38:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.24 18:13:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.24 18:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.24 18:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.24 18:12:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.24 18:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.24 17:39:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\hellomoto
[2012.07.24 08:11:55 | 000,000,000 | R--D | C] -- C:\Users\***\Dropbox
[2012.07.24 08:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.07.24 08:09:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.24 08:06:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.10 23:52:42 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\HR
[2012.07.06 08:12:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Aufräumen
[2012.07.03 17:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.03 17:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.03 17:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.06.28 01:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar
[2012.06.25 23:31:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2012.06.25 23:31:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Citavi 3
[2012.06.25 23:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3
[2012.06.25 23:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Citavi 3
[2012.06.25 23:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software
[2012.06.24 19:46:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2011.04.15 08:50:04 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Users\***\FileFormatConverters.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 19:12:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 19:09:04 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.24 19:02:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.24 18:44:02 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.24 18:42:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.24 18:42:00 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 18:42:00 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 18:15:16 | 000,630,662 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.24 18:15:16 | 000,598,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.24 18:15:16 | 000,127,302 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.24 18:15:16 | 000,104,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.24 18:12:37 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 17:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.24 17:26:07 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.24 08:11:55 | 000,000,943 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2012.07.24 08:09:34 | 000,000,953 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.12 22:16:50 | 003,723,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.03 16:25:40 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.26 06:44:06 | 000,001,356 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.06.25 23:30:10 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.24 19:09:04 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.24 18:12:37 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 08:11:55 | 000,000,943 | ---- | C] () -- C:\Users\***\Desktop\Dropbox.lnk
[2012.07.24 08:09:34 | 000,000,953 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.03 16:25:40 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.06.25 23:30:10 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2012.06.19 00:13:25 | 000,034,865 | ---- | C] () -- C:\Users\***\WeightWatchers.de _ MonatsPass - Abonnement abgeschlossen.pdf
[2012.04.28 23:48:12 | 000,176,102 | ---- | C] () -- C:\Users\***\seo-ranking-faktoren.pdf
[2011.11.05 17:11:23 | 000,000,043 | ---- | C] () -- C:\Users\***\gsview32.ini
[2011.07.15 20:32:19 | 000,011,776 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.27 10:33:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.20 09:19:57 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011.04.15 13:29:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\adistres.dll
[2011.04.10 20:06:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.03 19:08:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.03 19:08:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.01 07:48:01 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2011.04.01 01:07:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.01 00:15:00 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.03.31 19:26:20 | 000,630,662 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.03.31 19:26:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.03.31 19:26:20 | 000,127,302 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.03.31 19:26:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.03.31 11:11:27 | 000,000,025 | ---- | C] () -- C:\Windows\CDE D78DEFGIPS.ini
[2011.03.31 11:00:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.31 10:01:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.31 09:56:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011.03.31 09:56:47 | 000,176,214 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.03.31 09:56:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011.03.31 09:56:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011.03.31 09:56:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011.03.31 09:37:18 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== LOP Check ==========
 
[2011.04.03 21:37:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ACD Systems
[2012.05.22 00:08:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.24 18:43:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.24 17:39:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hellomoto
[2011.04.15 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterTrust
[2012.01.15 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.04.10 10:05:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.05.22 23:45:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDAppFlex
[2012.05.17 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.05.22 23:59:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.06.30 11:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.04.03 07:17:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2011.04.14 20:34:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\webex
[2012.07.24 18:44:02 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Hello,
it's me again.

I have now followed the instructions:
Step 1: Installed defogger and ran it, no error message.
Step 2: Installed OTL and ran it. I have pasted the OTL.txt file here; Extras.txt will follow shortly.

I look forward to your help!

Best regards,
Susanne

OTL Logfile:
Code:
OTL logfile created on: 24.07.2012 19:43:18 - Run 2
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,29% Memory free
6,18 Gb Paging File | 5,86 Gb Available in Paging File | 94,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 299,02 Gb Free Space | 64,20% Space Free | Partition Type: NTFS
Drive F: | 243,23 Mb Total Space | 158,41 Mb Free Space | 65,13% Space Free | Partition Type: FAT
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.24 19:02:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 14:11:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 16:27:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.19 15:48:08 | 000,411,136 | ---- | M] () [Auto | Stopped] -- C:\Programme\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2011.07.02 12:16:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.30 00:08:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.11.18 20:19:28 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008.11.17 19:22:44 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008.07.04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\vmwvusb.sys -- (vmwvusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.02 12:16:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 12:16:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.18 20:19:28 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.11.15 00:29:34 | 004,016,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.19 01:00:00 | 000,269,536 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA008Vid.sys -- (OA008Vid)
DRV - [2008.06.19 18:47:02 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2008.06.03 17:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV - [2008.05.21 04:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.02.15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {FE310632-06FE-46C4-B784-22BCBADA4979}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{12080EC1-8850-425A-A8E8-7234DE94F751}: "URL" = hxxp://opacplus.bsb-muenchen.de/search?query={searchTerms}
IE - HKCU\..\SearchScopes\{7A7A039A-186C-433C-B3A2-EC2D3B8F6B44}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{F44DBB4D-6AC7-4656-8D58-062561C69C2F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=1B6C115B-1443-410A-863E-37328261F6BA&apn_sauid=EAA003FB-4DCE-4740-B82B-072F88915812
IE - HKCU\..\SearchScopes\{FE310632-06FE-46C4-B784-22BCBADA4979}: "URL" = hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.17.1.5:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..network.proxy.backup.ftp: "172.17.1.5"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "172.17.1.5"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "172.17.1.5"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "172.17.1.5"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "172.17.1.5"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.17.1.5"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.17.1.5"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.06.25 23:30:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 14:11:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 14:11:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.28 09:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.12 22:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6k5he8a9.default\extensions
[2012.07.12 22:24:45 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6k5he8a9.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012.06.11 10:46:57 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6k5he8a9.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.04.07 14:12:04 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6k5he8a9.default\extensions\toolbar@ask.com
[2012.06.29 07:47:03 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\11-suche.xml
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\askcom.xml
[2012.07.17 21:07:19 | 000,001,424 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\bsb-opacplus.xml
[2012.06.29 07:47:03 | 000,002,209 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 07:47:03 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\gmx-suche.xml
[2012.06.29 07:47:03 | 000,002,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\lastminute.xml
[2012.02.25 15:31:08 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\sweetim.xml
[2012.06.29 07:47:03 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6k5he8a9.default\searchplugins\webde-suche.xml
[2012.05.05 21:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.21 05:41:24 | 000,377,145 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6K5HE8A9.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012.06.29 07:46:58 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6K5HE8A9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.07.19 14:11:48 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.26 23:22:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 23:22:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.26 23:22:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 23:22:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 23:22:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 23:22:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [WinSyncProviders] C:\Users\***\AppData\Local\Microsoft\Windows\4123\WinSyncProviders.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110421095241 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F1D3F3B-1A70-4B35-B45E-DE5AEA30E739}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\Documents\Pictures\2011_02 Südindien\2011-03-04 10-42-58 - P1090847.JPG
O24 - Desktop BackupWallPaper: C:\Users\***\Documents\Pictures\2011_02 Südindien\2011-03-04 10-42-58 - P1090847.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{13cf8d15-7bba-11e1-ab01-0009dd64f772}\Shell - "" = AutoRun
O33 - MountPoints2\{13cf8d15-7bba-11e1-ab01-0009dd64f772}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{13cf8d1f-7bba-11e1-ab01-0009dd64f772}\Shell - "" = AutoRun
O33 - MountPoints2\{13cf8d1f-7bba-11e1-ab01-0009dd64f772}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7b19276e-5db0-11e0-949a-0009dd64f772}\Shell - "" = AutoRun
O33 - MountPoints2\{7b19276e-5db0-11e0-949a-0009dd64f772}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7b1928fb-5db0-11e0-949a-002219f094f5}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1928fb-5db0-11e0-949a-002219f094f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7b1928fc-5db0-11e0-949a-002219f094f5}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1928fc-5db0-11e0-949a-002219f094f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b64e0d4b-7e85-11e1-ac73-0009dd64f772}\Shell - "" = AutoRun
O33 - MountPoints2\{b64e0d4b-7e85-11e1-ac73-0009dd64f772}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b64e0d4c-7e85-11e1-ac73-0009dd64f772}\Shell - "" = AutoRun
O33 - MountPoints2\{b64e0d4c-7e85-11e1-ac73-0009dd64f772}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 19:38:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.24 18:13:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.24 18:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.24 18:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.24 18:12:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.24 18:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.24 17:39:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\hellomoto
[2012.07.24 08:11:55 | 000,000,000 | R--D | C] -- C:\Users\***\Dropbox
[2012.07.24 08:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.07.24 08:09:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.24 08:06:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.10 23:52:42 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\HR
[2012.07.06 08:12:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Aufräumen
[2012.07.03 17:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.03 17:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.03 17:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.06.28 01:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar
[2012.06.25 23:31:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2012.06.25 23:31:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Citavi 3
[2012.06.25 23:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3
[2012.06.25 23:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Citavi 3
[2012.06.25 23:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software
[2012.06.24 19:46:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2011.04.15 08:50:04 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Users\***\FileFormatConverters.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 19:12:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 19:09:04 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.24 19:02:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.24 18:44:02 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.24 18:42:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.24 18:42:00 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 18:42:00 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 18:15:16 | 000,630,662 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.24 18:15:16 | 000,598,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.24 18:15:16 | 000,127,302 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.24 18:15:16 | 000,104,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.24 18:12:37 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 17:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.24 17:26:07 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.24 08:11:55 | 000,000,943 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2012.07.24 08:09:34 | 000,000,953 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.12 22:16:50 | 003,723,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.03 16:25:40 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.26 06:44:06 | 000,001,356 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.06.25 23:30:10 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.24 19:09:04 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.24 18:12:37 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 08:11:55 | 000,000,943 | ---- | C] () -- C:\Users\***\Desktop\Dropbox.lnk
[2012.07.24 08:09:34 | 000,000,953 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.03 16:25:40 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.06.25 23:30:10 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2012.06.19 00:13:25 | 000,034,865 | ---- | C] () -- C:\Users\***\WeightWatchers.de _ MonatsPass - Abonnement abgeschlossen.pdf
[2012.04.28 23:48:12 | 000,176,102 | ---- | C] () -- C:\Users\***\seo-ranking-faktoren.pdf
[2011.11.05 17:11:23 | 000,000,043 | ---- | C] () -- C:\Users\***\gsview32.ini
[2011.07.15 20:32:19 | 000,011,776 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.27 10:33:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.20 09:19:57 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011.04.15 13:29:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\adistres.dll
[2011.04.10 20:06:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.03 19:08:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.03 19:08:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.01 07:48:01 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2011.04.01 01:07:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.01 00:15:00 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.03.31 19:26:20 | 000,630,662 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.03.31 19:26:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.03.31 19:26:20 | 000,127,302 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.03.31 19:26:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.03.31 11:11:27 | 000,000,025 | ---- | C] () -- C:\Windows\CDE D78DEFGIPS.ini
[2011.03.31 11:00:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.31 10:01:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.31 09:56:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011.03.31 09:56:47 | 000,176,214 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.03.31 09:56:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011.03.31 09:56:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011.03.31 09:56:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011.03.31 09:37:18 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== LOP Check ==========
 
[2011.04.03 21:37:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ACD Systems
[2012.05.22 00:08:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.24 18:43:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.24 17:39:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hellomoto
[2011.04.15 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterTrust
[2012.01.15 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.04.10 10:05:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.05.22 23:45:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDAppFlex
[2012.05.17 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.05.22 23:59:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.06.30 11:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.04.03 07:17:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2011.04.14 20:34:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\webex
[2012.07.24 18:44:02 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---




Extras.txt (although I ran OTL twice, this is from the first run - if I should do anything differently, please let me know):
OTL Logfile:
Code:
OTL Extras logfile created on: 24.07.2012 19:16:10 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 87,00% Memory free
6,18 Gb Paging File | 5,98 Gb Available in Paging File | 96,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 292,71 Gb Free Space | 62,84% Space Free | Partition Type: NTFS
Drive F: | 243,23 Mb Total Space | 158,61 Mb Free Space | 65,21% Space Free | Partition Type: FAT
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0193B1EC-D0E9-423A-92ED-61AC70847605}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{23C66315-0A12-43F4-AE25-941998589863}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2AE0F039-E61E-42D8-9A81-E1C33977CF94}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3E774778-2C1F-4665-AA8B-1FFAFC5EFAD8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3EDE2ECB-A844-47E0-867E-F5F10AF4A215}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4D2CC26E-7872-43A9-B417-91B9269A0EC6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8244053F-4613-4A7A-83B1-FEF36C3E44C3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{856B0079-5FA1-4EA7-A290-A0A08537A898}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8E167195-92E4-467B-927D-C4313659078D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8EF8971A-2A21-4027-9BD0-A560AF22A811}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AB1627BB-66E2-4498-B697-B6896E72F51C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D708AAD6-59AB-4CE9-B83F-9C79A6C7091B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DE3842C7-E1B2-46C8-B1FE-1D069F0994E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E4452C59-B1B7-4EB5-9C7E-E9253D76446C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EAD4BADC-F77A-4BA4-8DA4-8CDAD18C7A87}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ECC6A5E0-62F0-4247-9634-ABFB1D8EF149}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F5BE9B7D-E8EC-4C33-8CBA-72F57179C9D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9C32EEB-FD5D-4E34-8096-C7FEC14B8995}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0092D55C-128D-407D-8D44-3FDBF2CA3E2C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{19123232-1665-4465-9447-B76D96BF56AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{394E3873-1E43-4390-8BBB-8AE4351CDF2E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5DAACBF3-2911-4532-B8A1-69949D064C99}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{833E836F-0446-4CD4-8D60-865E8463B468}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5EC86AE-1AAD-45F2-88D5-6BC4BE59A72F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BB07868A-FE1A-4B27-A51A-46FD7E0F3939}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BEAB7C4C-1EDB-4B77-AB2D-C54DC43109A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{C23DA298-2224-4995-9A6A-CE89E1AB4F92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D9EDCA18-15B3-4CF1-8E1F-4B55D5029779}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E671BB2C-0A9D-4AFA-8085-9CAF12127A8D}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{ED3A067E-65BF-4573-9B85-A35F82BF312C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F58FFCD6-05B5-4E4E-96B0-FE3E0413913D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F82F37EE-7C01-4450-BE36-9A6FFD0441C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{2E5F85DA-B03C-41C9-8B05-B853CEE1879B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{D31A62BC-DFB4-465B-BC98-08761DC7593D}C:\program files\bike gps richtrack factory\dkl.exe" = protocol=6 | dir=in | app=c:\program files\bike gps richtrack factory\dkl.exe | 
"TCP Query User{F3D2CE76-4708-491E-9BD2-2955143CF35A}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0637D521-AA18-4F48-9DF6-CB5208229314}C:\program files\bike gps richtrack factory\dkl.exe" = protocol=17 | dir=in | app=c:\program files\bike gps richtrack factory\dkl.exe | 
"UDP Query User{4B2D5C78-90B4-4C11-BD51-504FD3C2F234}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C50ED851-AA04-44DD-BEAE-A70B5D92D6D5}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{23E512A3-18DA-42FB-A55B-9AA15145BF64}" = Polar WebSync
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87717500-AED3-B339-842A-BE3B62F600E0}" = ccc-utility
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}" = pdfforge Toolbar v6.0
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}" = Intel(R) PROSet/Wireless WiFi-Software
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B99D0CFD-2C04-4E86-9B71-124D46010766}" = Polar Daemon
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E4AAB0A5-482C-0048-3D37-57A3965601B6}" = ATI Catalyst Install Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Auto Update Service" = Canon Auto Update Service
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bike GPS RichTrack Factory_is1" = Bike GPS RichTrack Factory (Free)
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Creative OA008" = Integrated Webcam Driver (1.00.03.0919)  
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"GPL Ghostscript 9.04" = GPL Ghostscript
"GSview 4.9" = GSview 4.9
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MapUtility" = Canon Utilities Map Utility
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDF Blender" = PDF Blender
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel PROSet Wireless
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2012 05:28:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.02.2012 05:28:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.02.2012 05:28:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.02.2012 05:28:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.02.2012 05:28:39 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.02.2012 05:28:39 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.02.2012 05:28:41 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.02.2012 05:28:42 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.02.2012 05:28:42 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.02.2012 05:28:53 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 24.07.2012 13:13:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.07.2012 13:13:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.07.2012 13:13:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.07.2012 13:13:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.07.2012 13:13:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.07.2012 13:13:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.07.2012 13:13:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.07.2012 13:13:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.07.2012 13:13:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.07.2012 13:13:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

Step 3, since this is a 32-bit system: GMER scan. I actually wanted to put all of this into my original post, but unfortunately that was no longer possible.


GMER Logfile:
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-24 20:53:39
Windows 6.0.6002 Service Pack 2 
Running: j35i470n.exe; Driver: C:\Users\Susanne\AppData\Local\Temp\axdirfow.sys


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd64f772                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd64f772@2421abcdff37         0xD6 0x4D 0x20 0x55 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd64f772@3c7437c0973b         0x25 0xBB 0x38 0xEB ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd64f772@28987bc78f29         0xEE 0x5D 0x31 0x11 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd64f772 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd64f772@2421abcdff37             0xD6 0x4D 0x20 0x55 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd64f772@3c7437c0973b             0x25 0xBB 0x38 0xEB ...
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd64f772@28987bc78f29             0xEE 0x5D 0x31 0x11 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Edited by Orchidee (24.07.2012 at 18:06)

 
