Kampf gegen den claro-Trojaner aufgenommen

beckmatt · 18.12.2012, 15:05

Hallo liebes Forum,

schon vor geraumer Zeit (irgendwann im November, da die Chronik im Oktober noch frei ist von claro) ist mir aufgefallen, dass sich die Startseite des Firefoxbrowsers und auch die Suche bei meinem Laptop (Fujitsu Lifebook mit Win 7 32 bit) verändert hat. Ich habe zunächst die claro-suchengine entfernt und die Seite wieder zurückgestellt. Da ich den Laptop nicht häufig benutze habe ich erst kürzlich festgestellt, dass sich die Suche eigenständig wieder umgestellt hat. Nach googeln bin ich dann auf diesen Beitrag hier im Forum gestoßen:

http://www.trojaner-board.de/127281-...ntfernen.html.

Bislang habe ich den adwcleaner laufen lassen, die automatischen Updates aktiviert (ich weiß, reichlich spät) und Windows auf den neusten Stand gebracht, Stand war Sept.2012. (letztes Update), und OTL suchen lassen, einmal vor und dreimal nach den Updates. Ich poste hier die adwcleaner logfile:

# AdwCleaner v2.101 - Datei am 17/12/2012 um 17:56:45 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : user - NB03
# Bootmodus : Normal
# Ausgeführt unter : D:\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager
Gestoppt & Gelöscht : DefaultTabSearch
Gestoppt & Gelöscht : DefaultTabUpdate

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files\Claro LTD
Ordner Gelöscht : C:\Program Files\DefaultTab
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\25976~1.107\{c16c1~1\mngr.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\Claro LTD
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Default Tab
Schlüssel Gelöscht : HKCU\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Claro LTD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Default Tab
Schlüssel Gelöscht : HKLM\Software\DefaultTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

-\\ Google Chrome v23.0.1271.97

*************************

AdwCleaner[S1].txt - [4945 octets] - [17/12/2012 17:56:45]

########## EOF - C:\AdwCleaner[S1].txt - [5005 octets] ##########

und den letzten OTL-Scan, ein Qucikscan, bei dem ich allerdings das Dateialter auf 60 Tage hochgesetzt habe, da die Infektion schon länger als 30 Tage her ist (was aber scheinbar nicht funktioniert):

OTL logfile created on: 18.12.2012 14:49:08 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,95 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 43,44% Memory free
3,91 Gb Paging File | 2,61 Gb Available in Paging File | 66,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,34 Gb Total Space | 54,68 Gb Free Space | 72,58% Space Free | Partition Type: NTFS
Drive D: | 73,61 Gb Total Space | 55,90 Gb Free Space | 75,94% Space Free | Partition Type: NTFS
Drive E: | 2,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: NB03 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.17 17:52:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2012.12.16 10:54:41 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- D:\avast\AvastSvc.exe
PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.21 15:17:54 | 000,094,064 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTInk.exe
PRC - [2012.03.21 14:26:04 | 000,580,976 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe
PRC - [2012.03.21 14:25:28 | 002,186,096 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2012.03.09 08:14:50 | 010,132,336 | ---- | M] (SMART Technologies ULC) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardTools.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.11.06 00:00:00 | 000,057,344 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\fjmnuico.exe
PRC - [2009.11.06 00:00:00 | 000,020,480 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\FjEvents.exe
PRC - [2009.10.09 00:00:00 | 002,792,232 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009.10.09 00:00:00 | 000,186,664 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.06.04 12:48:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.05.06 16:15:44 | 000,020,480 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\FjDspMon.exe
PRC - [2007.11.19 15:32:32 | 000,717,312 | ---- | M] (Dr. Kaiser Systemhaus GmbH) -- C:\Programme\DKS\Drive\DksStatus.exe

========== Modules (No Company Name) ==========

MOD - [2012.12.18 14:11:25 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012.12.18 14:11:11 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012.12.18 14:11:01 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012.12.18 14:10:58 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012.12.18 14:08:53 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.12.18 14:08:49 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012.12.18 14:08:41 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012.12.18 14:08:23 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.12.18 14:08:22 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.12.18 14:08:15 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012.12.16 10:54:41 | 002,397,152 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.09.23 20:52:15 | 000,054,184 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
MOD - [2012.09.23 20:51:45 | 000,051,120 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
MOD - [2007.05.25 14:18:08 | 000,081,920 | ---- | M] () -- C:\Windows\System32\dksio.dll

========== Services (SafeList) ==========

SRV - [2012.12.16 10:54:41 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.15 13:14:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.09.23 20:51:43 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.21 14:26:04 | 000,580,976 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe -- (SMARTHelperService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.09 09:30:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.10.09 00:00:00 | 002,792,232 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 12:48:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.10.07 11:37:50 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.07.26 15:49:24 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2012.03.21 14:26:40 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2012.03.21 14:26:34 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2012.03.21 14:26:30 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.03.23 10:26:00 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2010.03.23 08:52:59 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.09 00:00:00 | 000,036,648 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wisdpen.sys -- (WISDPen)
DRV - [2009.10.09 00:00:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.10.09 00:00:00 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.09.01 00:00:00 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009.07.14 00:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2007.12.21 12:28:10 | 000,135,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dksdrv2k.sys -- (Waechter)
DRV - [2005.11.14 13:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2004.01.18 04:15:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2003.06.20 14:30:48 | 000,011,392 | ---- | M] (Fujitsu PC Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FjBtndrv.sys -- (Fjbtndrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2742214133-713429895-2984856512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2742214133-713429895-2984856512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2742214133-713429895-2984856512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2742214133-713429895-2984856512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 5B A6 22 60 CA CA 01 [binary data]
IE - HKU\S-1-5-21-2742214133-713429895-2984856512-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2742214133-713429895-2984856512-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2742214133-713429895-2984856512-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B338e0b96-2285-4424-b4c8-e25560750fa3%7D:3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=117452&tt=4712_7&babsrc=KW_ss&mntrId=7e27bd090000000000008c736e7796d7&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.16 10:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.10 22:56:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.16 10:54:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.10 22:56:59 | 000,000,000 | ---D | M]

[2010.09.09 09:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.11.24 15:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\x6s7ah3p.default\extensions
[2012.11.22 06:53:40 | 000,000,000 | ---D | M] (Default Tab) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\x6s7ah3p.default\extensions\addon@defaulttab.com
[2012.11.22 06:53:40 | 000,022,390 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\x6s7ah3p.default\extensions\addon@defaulttab.com.xpi
[2012.09.29 09:11:49 | 000,003,145 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\x6s7ah3p.default\extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi
[2012.11.10 22:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.16 10:54:41 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.claro-search.com/?affID=117452&tt=4712_7&babsrc=HP_ss&mntrId=7e27bd090000000000008c736e7796d7
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] D:\avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DksStatus.exe] C:\Programme\DKS\Drive\DksStatus.exe (Dr. Kaiser Systemhaus GmbH)
O4 - HKLM..\Run: [FjStrtAp] C:\Programme\Fujitsu\Utils\fjstrtap.exe (Fujitsu Computer Systems Corp.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SMART Ink] C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies)
O4 - HKU\S-1-5-21-2742214133-713429895-2984856512-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC28BAA-5E2A-4718-9525-37FE636069B8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A97ABAB-6B98-482F-A258-0FE71E07BDF8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{15bc6163-ea98-11df-b5ec-e839df06b3b0}\Shell - "" = AutoRun
O33 - MountPoints2\{15bc6163-ea98-11df-b5ec-e839df06b3b0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{6c18bee1-69ab-11e0-8eca-8c736e7796d7}\Shell - "" = AutoRun
O33 - MountPoints2\{6c18bee1-69ab-11e0-8eca-8c736e7796d7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9858e4c8-35cb-11df-93df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9858e4c8-35cb-11df-93df-806e6f6e6963}\Shell\AutoRun\command - "" = E:\bootcd\wintools\autorun.exe
O33 - MountPoints2\{9858e4c8-35cb-11df-93df-806e6f6e6963}\Shell\Option1\Command - "" = E:\bootcd\wintools\autorun.exe
O33 - MountPoints2\{a77674e2-9134-11e0-b4c7-8c736e7796d7}\Shell - "" = AutoRun
O33 - MountPoints2\{a77674e2-9134-11e0-b4c7-8c736e7796d7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{cf4a3962-5544-11e0-af67-8c736e7796d7}\Shell - "" = AutoRun
O33 - MountPoints2\{cf4a3962-5544-11e0-af67-8c736e7796d7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.18 14:27:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.12.18 14:27:10 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.12.18 14:27:10 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.12.18 14:27:10 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.12.18 14:27:10 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.12.18 14:27:10 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.12.18 14:27:08 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.12.18 14:27:08 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.12.18 14:27:08 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.12.18 14:27:08 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.12.18 14:27:08 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.12.18 14:27:07 | 000,266,240 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.12.18 14:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.12.18 14:27:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012.12.18 14:13:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.12.18 14:07:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.17 14:40:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Skype
[2012.12.17 14:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.17 14:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.12.17 14:40:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.12.17 14:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.12.15 20:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012.12.15 13:16:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2012.12.15 12:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012.12.15 12:33:49 | 000,000,000 | ---D | C] -- C:\GOG Games
[2012.11.22 06:56:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc
[2012.11.22 06:53:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DefaultTab
[2012.11.22 06:53:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\SwvUpdater
[2012.11.22 06:53:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Claro
[2012.11.22 06:52:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Babylon
[2012.11.22 06:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.11.22 06:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.18 14:47:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 14:38:51 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.18 14:38:51 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.18 14:32:24 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2012.12.18 14:31:19 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.18 14:30:10 | 000,195,584 | -HS- | M] () -- C:\dksimage.bin
[2012.12.18 14:25:18 | 001,784,352 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.12.18 14:25:18 | 000,339,968 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.12.18 14:25:18 | 000,185,776 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.12.18 14:25:18 | 000,167,936 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.12.18 14:25:18 | 000,135,168 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.12.18 14:25:15 | 000,290,304 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.12.18 14:25:15 | 000,290,304 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.12.18 14:25:14 | 001,933,312 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.12.18 14:25:14 | 000,159,744 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.12.18 14:25:14 | 000,126,976 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.12.18 14:25:10 | 000,266,240 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.12.18 14:22:50 | 000,489,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 14:14:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.18 14:10:27 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.18 14:10:27 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.18 14:10:27 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.18 14:10:26 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.17 17:52:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.12.17 17:52:44 | 000,547,175 | ---- | M] () -- D:\Desktop\adwcleaner.exe
[2012.12.17 14:40:30 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.17 07:15:21 | 000,003,540 | ---- | M] () -- C:\Users\user\AppData\Roaming\FjMenu1.XML
[2012.12.15 20:09:58 | 000,002,660 | ---- | M] () -- C:\Users\Public\Desktop\The Incredible Machine - Even More Contraptions.lnk
[2012.12.15 20:09:58 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\The Even More Incredible Machine.lnk
[2012.12.15 20:09:58 | 000,002,441 | ---- | M] () -- C:\Users\Public\Desktop\The Incredible Machine 3.lnk
[2012.12.15 20:09:57 | 000,002,662 | ---- | M] () -- C:\Users\Public\Desktop\Return of the Incredible Machine Contraptions.lnk
[2012.12.15 13:16:50 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\Hotline Miami.lnk
[2012.12.15 12:33:57 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Duke Nukem 3D.lnk
[2012.11.22 06:52:33 | 000,170,190 | ---- | M] () -- C:\Windows\unins000.dat
[2012.11.22 06:52:16 | 000,723,230 | ---- | M] () -- C:\Windows\unins000.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.18 14:13:57 | 000,547,175 | ---- | C] () -- D:\Desktop\adwcleaner.exe
[2012.12.17 14:40:30 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.15 20:09:58 | 000,002,660 | ---- | C] () -- C:\Users\Public\Desktop\The Incredible Machine - Even More Contraptions.lnk
[2012.12.15 20:09:58 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\The Even More Incredible Machine.lnk
[2012.12.15 20:09:58 | 000,002,441 | ---- | C] () -- C:\Users\Public\Desktop\The Incredible Machine 3.lnk
[2012.12.15 20:09:57 | 000,002,662 | ---- | C] () -- C:\Users\Public\Desktop\Return of the Incredible Machine Contraptions.lnk
[2012.12.15 13:16:50 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\Hotline Miami.lnk
[2012.12.15 12:33:57 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Duke Nukem 3D.lnk
[2012.11.22 06:53:38 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2012.11.22 06:52:32 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2012.11.22 06:52:32 | 000,170,190 | ---- | C] () -- C:\Windows\unins000.dat
[2012.09.23 21:56:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.09.09 12:52:05 | 000,003,540 | ---- | C] () -- C:\Users\user\AppData\Roaming\FjMenu1.XML

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.11.22 06:52:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2012.11.22 06:53:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Claro
[2012.10.07 11:38:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2012.11.22 06:53:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DefaultTab
[2012.12.18 14:32:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2012.11.17 00:52:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MediaMonkey
[2012.09.23 21:37:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SMART Technologies
[2010.09.20 08:24:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SMART Technologies Inc

========== Purity Check ==========

< End of report >

Nun habe ich festgestellt, dass es hier im Board gewünscht ist, immer einen eigenen Thread zu erstellen, also will ich das hiermit tun. Hinzu kommt, dass Firefox nach wie vor gehackt ist. Wenn ich neue Tabs öffne lande ich auf der Claro-Seite, auch wenn ich in der url-Zeile einen suchbegriff eingebe. Kurz: ich komme alleine auch gar nicht weiter. Ich hoffe, dass ich mich ansonsten einigermaßen an die Regeln im Board gehalten habe und hoffe auf eine gute Zusammenarbeit.

Grüße
beckmatt

M-K-D-B · 18.12.2012, 15:26

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Ich weiß nicht warum, aber AdwCleaner hat anscheinend dein Firefox-Profil nicht erkannt und darum Claro von dort nicht entfernt.
Wir gehen anders vor:

Schritt 1
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.

Bitte lade Junkware Removal Tool auf Deinen Desktop.

Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
Das Tool wird sich öffnen und mit dem Scan beginnen.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 2
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von JRT,
die Logdatei von ComboFix.

beckmatt · 18.12.2012, 18:04

Hallo Matthias,

vielen Dank für deine superschnelle Antwort.

Hier meine Ergebnisse:

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.8 (12.17.2012:1)
OS: Windows 7 Professional x86
Ran by user on 18.12.2012 at 16:48:34,55
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\claro"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\swvupdater"



~~~ FireFox

Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\x6s7ah3p.default\user.js
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\x6s7ah3p.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\x6s7ah3p.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\x6s7ah3p.default\extensions\addon@defaulttab.com.xpi
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\x6s7ah3p.default\extensions\addon@defaulttab.com
Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\x6s7ah3p.default\prefs.js

user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=117452&tt=4712_7&babsrc=HP_ss&mntrId=7e27bd090000000000008c736e7796d7");
user_pref("avg.install.userSPSettings", "Claro Search");
user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=117452&tt=4712_7&babsrc=NT_ss&mntrId=7e27bd090000000000008c736e7796d7");
user_pref("browser.search.defaultenginename", "Claro Search");
user_pref("browser.search.order.1", "Claro Search");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117452&tt=4712_7&babsrc=NT_ss&mntrId=7e27bd090000000000008c736e7796d7");
user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.id", "7e27bd090000000000008c736e7796d7");
user_pref("extensions.claro.instlDay", "15666");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.tlbrId", "irhnew");
user_pref("extensions.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.vrsn", "1.8.3.10");
user_pref("extensions.claro.vrsni", "1.8.3.10");
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.8.3.106:53:13");
user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117452&tt=4712_7&babsrc=KW_ss&mntrId=7e27bd090000000000008c736e7796d7&q=");



~~~ Chrome

Successfully deleted: [Folder] C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.12.2012 at 16:51:26,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-12-17.02 - user 18.12.2012  16:54:46.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2002.845 [GMT 1:00]
ausgeführt von:: d:\desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-18 bis 2012-12-18  ))))))))))))))))))))))))))))))
.
.
2012-12-18 16:00 . 2012-12-18 16:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-18 15:48 . 2012-12-18 15:48	--------	d-----w-	c:\windows\ERUNT
2012-12-18 15:48 . 2012-12-18 15:48	--------	d-----w-	C:\JRT
2012-12-18 13:26 . 2006-02-07 14:39	32768	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-12-18 13:26 . 2006-02-07 14:45	757760	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-12-18 13:26 . 2006-02-07 14:40	204800	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-12-18 13:26 . 2006-02-07 14:40	69715	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-12-18 13:26 . 2006-02-07 14:40	274432	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-12-18 13:26 . 2005-11-13 22:19	5632	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-12-18 13:26 . 2012-12-18 13:26	200836	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-12-18 13:26 . 2012-12-18 13:26	331908	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-12-18 13:05 . 2012-11-19 00:04	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{646A1990-D63E-4776-BB26-537106A31AE9}\mpengine.dll
2012-12-18 13:03 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-12-18 13:03 . 2012-08-10 23:56	542208	----a-w-	c:\windows\system32\kerberos.dll
2012-12-18 13:03 . 2012-11-09 04:42	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-18 13:00 . 2012-09-25 22:47	78336	----a-w-	c:\windows\system32\synceng.dll
2012-12-17 13:40 . 2012-12-18 15:55	--------	d-----w-	c:\users\user\AppData\Roaming\Skype
2012-12-17 13:40 . 2012-12-17 13:40	--------	d-----w-	c:\program files\Common Files\Skype
2012-12-17 13:40 . 2012-12-17 13:40	--------	d-----r-	c:\program files\Skype
2012-12-17 13:40 . 2012-12-17 13:40	--------	d-----w-	c:\programdata\Skype
2012-12-15 19:08 . 2012-12-15 19:08	--------	d-----w-	c:\program files\GOG.com
2012-12-15 12:16 . 2012-12-15 12:16	--------	d-----w-	c:\users\user\AppData\Local\Programs
2012-12-15 11:33 . 2012-12-15 12:16	--------	d-----w-	C:\GOG Games
2012-11-22 05:56 . 2012-11-22 05:56	--------	d-----w-	c:\users\user\AppData\Roaming\vlc
2012-11-22 05:52 . 2012-11-22 05:52	--------	d-----w-	c:\program files\VideoLAN
2012-11-22 05:52 . 2012-11-22 05:52	723230	----a-w-	c:\windows\unins000.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 12:14 . 2012-09-24 03:33	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-15 12:14 . 2012-09-23 20:06	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2012-09-29 07:37	361032	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-09-29 07:37	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-09-29 07:37	738504	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-09-29 07:37	58680	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-09-29 07:37	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-09-29 07:36	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-09-29 07:36	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-09-29 07:37	44784	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-10-07 10:37 . 2012-10-07 10:37	242240	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-23 21:02 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-09-23 20:19 . 2012-09-23 20:19	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-09-23 20:19 . 2012-09-23 20:19	161792	----a-w-	c:\windows\system32\msls31.dll
2012-09-23 20:19 . 2012-09-23 20:19	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-09-23 20:19 . 2012-09-23 20:19	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-09-23 20:19 . 2012-09-23 20:19	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-09-23 20:19 . 2012-09-23 20:19	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-09-23 20:19 . 2012-09-23 20:19	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-09-23 20:19 . 2012-09-23 20:19	367104	----a-w-	c:\windows\system32\html.iec
2012-09-23 20:19 . 2012-09-23 20:19	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-09-23 20:19 . 2012-09-23 20:19	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-09-23 20:19 . 2012-09-23 20:19	152064	----a-w-	c:\windows\system32\wextract.exe
2012-09-23 20:19 . 2012-09-23 20:19	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-09-23 20:19 . 2012-09-23 20:19	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-09-23 20:19 . 2012-09-23 20:19	11776	----a-w-	c:\windows\system32\mshta.exe
2012-09-23 20:19 . 2012-09-23 20:19	101888	----a-w-	c:\windows\system32\admparse.dll
2012-12-16 09:54 . 2012-11-10 21:56	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	d:\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-31 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-31 151064]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2009-11-05 20480]
"DksStatus.exe"="c:\progra~1\DKS\Drive\DksStatus.exe" [2007-11-19 717312]
"SMART Board Service"="c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe" [2012-03-21 2186096]
"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2012-03-09 10132336]
"SMART Ink"="c:\program files\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"avast"="d:\avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-12-18 7703072]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [x]
S0 Waechter;Waechter;c:\windows\system32\drivers\dksdrv2k.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SMARTHelperService;SMART Helper Service;c:\program files\SMART Technologies\Education Software\SMARTHelperService.exe [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\Fjbtndrv.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 12:14]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-29 07:37]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-29 07:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x6s7ah3p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\user\AppData\Local\SwvUpdater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-18  17:02:19
ComboFix-quarantined-files.txt  2012-12-18 16:02
.
Vor Suchlauf: 10 Verzeichnis(se), 58.336.329.728 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 58.683.072.512 Bytes frei
.
- - End Of File - - 9A072D1603B91FF86B88D5EA1B4B8EF3

--- --- ---

Ich hoffe das war so richtig...

Grüße
beckmatt

M-K-D-B · 18.12.2012, 18:16

Servus,

alles richtig gemacht.

Gibt es immer noch Probleme mit Claro? Wenn ja, wie äußert sich das Problem? In welchem Browser tritt Claro noch auf?

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

beckmatt · 18.12.2012, 19:57

Hehe, danke.

Nee, sieht sauber aus...
Vielen Dank so weit!!!

P.S: wie sieht es aus mit Passwortsicherheit? Gab es Keylogger oder sowas auf dem Rechner???

Viele Grüße
beckmatt

PPS: hab grad erst die Anweisung gesehen... folgt hier:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.12.2012 20:08:10 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,95 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 49,50% Memory free
3,91 Gb Paging File | 2,64 Gb Available in Paging File | 67,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,34 Gb Total Space | 54,73 Gb Free Space | 72,64% Space Free | Partition Type: NTFS
Drive D: | 73,61 Gb Total Space | 55,89 Gb Free Space | 75,93% Space Free | Partition Type: NTFS
Drive E: | 2,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: NB03 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.17 17:52:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2012.12.16 10:54:41 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.12.15 13:14:28 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- D:\avast\AvastSvc.exe
PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.21 15:17:54 | 000,094,064 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTInk.exe
PRC - [2012.03.21 14:26:04 | 000,580,976 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe
PRC - [2012.03.21 14:25:28 | 002,186,096 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2012.03.09 08:14:50 | 010,132,336 | ---- | M] (SMART Technologies ULC) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardTools.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.11.06 00:00:00 | 000,057,344 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\fjmnuico.exe
PRC - [2009.11.06 00:00:00 | 000,020,480 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\FjEvents.exe
PRC - [2009.10.09 00:00:00 | 002,792,232 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009.10.09 00:00:00 | 000,186,664 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.06.04 12:48:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.05.06 16:15:44 | 000,020,480 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\FjDspMon.exe
PRC - [2007.11.19 15:32:32 | 000,717,312 | ---- | M] (Dr. Kaiser Systemhaus GmbH) -- C:\Programme\DKS\Drive\DksStatus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.18 15:36:32 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll
MOD - [2012.12.18 15:36:32 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll
MOD - [2012.12.18 15:36:24 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012.12.18 14:11:25 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012.12.18 14:11:11 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012.12.18 14:11:01 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012.12.18 14:10:58 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012.12.18 14:08:53 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.12.18 14:08:49 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012.12.18 14:08:41 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012.12.18 14:08:23 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.12.18 14:08:22 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.12.18 14:08:15 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012.12.16 10:54:41 | 002,397,152 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.12.15 13:14:28 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.09.23 20:52:15 | 000,054,184 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
MOD - [2012.09.23 20:51:45 | 000,051,120 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
MOD - [2007.05.25 14:18:08 | 000,081,920 | ---- | M] () -- C:\Windows\System32\dksio.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.16 10:54:41 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.15 13:14:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.09.23 20:51:43 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.21 14:26:04 | 000,580,976 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe -- (SMARTHelperService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.09 09:30:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.10.09 00:00:00 | 002,792,232 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 12:48:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.10.07 11:37:50 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.07.26 15:49:24 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2012.03.21 14:26:40 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2012.03.21 14:26:34 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2012.03.21 14:26:30 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.03.23 10:26:00 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2010.03.23 08:52:59 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.09 00:00:00 | 000,036,648 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wisdpen.sys -- (WISDPen)
DRV - [2009.10.09 00:00:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.10.09 00:00:00 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.09.01 00:00:00 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009.07.14 00:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2007.12.21 12:28:10 | 000,135,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dksdrv2k.sys -- (Waechter)
DRV - [2005.11.14 13:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2004.01.18 04:15:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2003.06.20 14:30:48 | 000,011,392 | ---- | M] (Fujitsu PC Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FjBtndrv.sys -- (Fjbtndrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 5B A6 22 60 CA CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B338e0b96-2285-4424-b4c8-e25560750fa3%7D:3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.16 10:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.10 22:56:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.16 10:54:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.10 22:56:59 | 000,000,000 | ---D | M]
 
[2010.09.09 09:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.12.18 16:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\x6s7ah3p.default\extensions
[2012.09.29 09:11:49 | 000,003,145 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\x6s7ah3p.default\extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi
[2012.11.10 22:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.16 10:54:41 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.claro-search.com/?affID=117452&tt=4712_7&babsrc=HP_ss&mntrId=7e27bd090000000000008c736e7796d7
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.12.18 17:00:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O4 - HKLM..\Run: [avast] D:\avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DksStatus.exe] C:\Programme\DKS\Drive\DksStatus.exe (Dr. Kaiser Systemhaus GmbH)
O4 - HKLM..\Run: [FjStrtAp] C:\Programme\Fujitsu\Utils\fjstrtap.exe (Fujitsu Computer Systems Corp.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SMART Ink] C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC28BAA-5E2A-4718-9525-37FE636069B8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A97ABAB-6B98-482F-A258-0FE71E07BDF8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.18 17:02:25 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.18 17:02:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.18 17:02:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.18 17:00:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.18 16:53:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.18 16:53:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.18 16:53:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.18 16:53:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.18 16:53:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.18 16:48:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.12.18 16:48:25 | 000,000,000 | ---D | C] -- C:\JRT
[2012.12.18 16:47:30 | 005,012,571 | R--- | C] (Swearware) -- D:\Desktop\ComboFix.exe
[2012.12.18 16:47:30 | 000,496,299 | ---- | C] (Oleg N. Scherbakov) -- D:\Desktop\JRT.exe
[2012.12.18 14:27:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.12.18 14:27:10 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.12.18 14:27:10 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012.12.18 14:27:10 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012.12.18 14:27:10 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.12.18 14:27:10 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012.12.18 14:27:10 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.12.18 14:27:10 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.12.18 14:27:10 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.12.18 14:27:10 | 000,052,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2012.12.18 14:27:09 | 002,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012.12.18 14:27:08 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.12.18 14:27:08 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.12.18 14:27:08 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.12.18 14:27:08 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.12.18 14:27:08 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.12.18 14:27:07 | 000,266,240 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.12.18 14:27:07 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012.12.18 14:27:07 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012.12.18 14:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.12.18 14:27:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012.12.18 14:27:02 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.12.18 14:13:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.12.18 14:09:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.18 14:09:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.18 14:09:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.18 14:09:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.18 14:09:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.18 14:09:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.18 14:09:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.18 14:09:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.18 14:07:00 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.12.18 14:03:10 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.18 14:03:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.18 14:02:58 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.18 14:02:58 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.18 14:02:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.18 14:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.18 14:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.18 14:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.18 14:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.18 14:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.18 14:02:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.18 14:02:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.18 14:02:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.18 14:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.18 14:02:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.18 14:02:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.18 14:02:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.18 14:02:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.18 14:02:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.18 14:02:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.18 14:02:43 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.12.18 14:02:43 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.12.18 14:02:34 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.18 14:00:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.12.17 14:40:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Skype
[2012.12.17 14:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.17 14:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.12.17 14:40:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.12.17 14:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.12.15 20:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012.12.15 13:16:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2012.12.15 12:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012.12.15 12:33:49 | 000,000,000 | ---D | C] -- C:\GOG Games
[2012.11.22 06:56:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc
[2012.11.22 06:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.11.22 06:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.18 19:47:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 19:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.18 18:16:29 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.18 18:16:29 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.18 18:09:30 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.18 18:08:35 | 000,489,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 18:07:18 | 000,195,584 | -HS- | M] () -- C:\dksimage.bin
[2012.12.18 17:00:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.18 16:47:19 | 005,012,571 | R--- | M] (Swearware) -- D:\Desktop\ComboFix.exe
[2012.12.18 16:46:30 | 000,496,299 | ---- | M] (Oleg N. Scherbakov) -- D:\Desktop\JRT.exe
[2012.12.18 14:25:18 | 001,784,352 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.12.18 14:25:18 | 000,339,968 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.12.18 14:25:18 | 000,185,776 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.12.18 14:25:18 | 000,167,936 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.12.18 14:25:18 | 000,135,168 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.12.18 14:25:17 | 000,551,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012.12.18 14:25:16 | 002,898,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012.12.18 14:25:16 | 001,265,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012.12.18 14:25:16 | 000,326,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012.12.18 14:25:16 | 000,052,256 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2012.12.18 14:25:15 | 000,290,304 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.12.18 14:25:15 | 000,290,304 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.12.18 14:25:14 | 001,933,312 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.12.18 14:25:14 | 000,159,744 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.12.18 14:25:14 | 000,126,976 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.12.18 14:25:10 | 000,266,240 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.12.18 14:25:10 | 000,142,848 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012.12.18 14:25:10 | 000,125,952 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012.12.18 14:25:04 | 000,831,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.12.18 14:10:27 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.18 14:10:27 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.18 14:10:27 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.18 14:10:26 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.17 17:52:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.12.17 17:52:44 | 000,547,175 | ---- | M] () -- D:\Desktop\adwcleaner.exe
[2012.12.17 14:40:30 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.17 07:15:21 | 000,003,540 | ---- | M] () -- C:\Users\user\AppData\Roaming\FjMenu1.XML
[2012.12.15 20:09:58 | 000,002,660 | ---- | M] () -- C:\Users\Public\Desktop\The Incredible Machine - Even More Contraptions.lnk
[2012.12.15 20:09:58 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\The Even More Incredible Machine.lnk
[2012.12.15 20:09:58 | 000,002,441 | ---- | M] () -- C:\Users\Public\Desktop\The Incredible Machine 3.lnk
[2012.12.15 20:09:57 | 000,002,662 | ---- | M] () -- C:\Users\Public\Desktop\Return of the Incredible Machine Contraptions.lnk
[2012.12.15 13:16:50 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\Hotline Miami.lnk
[2012.12.15 13:14:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.15 13:14:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.15 12:33:57 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Duke Nukem 3D.lnk
[2012.11.22 06:52:33 | 000,170,190 | ---- | M] () -- C:\Windows\unins000.dat
[2012.11.22 06:52:16 | 000,723,230 | ---- | M] () -- C:\Windows\unins000.exe
[2012.11.22 03:56:02 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.18 16:53:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.18 16:53:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.18 16:53:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.18 16:53:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.18 16:53:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.18 14:13:57 | 000,547,175 | ---- | C] () -- D:\Desktop\adwcleaner.exe
[2012.12.17 14:40:30 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.15 20:09:58 | 000,002,660 | ---- | C] () -- C:\Users\Public\Desktop\The Incredible Machine - Even More Contraptions.lnk
[2012.12.15 20:09:58 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\The Even More Incredible Machine.lnk
[2012.12.15 20:09:58 | 000,002,441 | ---- | C] () -- C:\Users\Public\Desktop\The Incredible Machine 3.lnk
[2012.12.15 20:09:57 | 000,002,662 | ---- | C] () -- C:\Users\Public\Desktop\Return of the Incredible Machine Contraptions.lnk
[2012.12.15 13:16:50 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\Hotline Miami.lnk
[2012.12.15 12:33:57 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Duke Nukem 3D.lnk
[2012.11.22 06:52:32 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2012.11.22 06:52:32 | 000,170,190 | ---- | C] () -- C:\Windows\unins000.dat
[2012.09.23 21:56:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.09.09 12:52:05 | 000,003,540 | ---- | C] () -- C:\Users\user\AppData\Roaming\FjMenu1.XML
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.12.2012 20:08:10 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,95 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 49,50% Memory free
3,91 Gb Paging File | 2,64 Gb Available in Paging File | 67,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,34 Gb Total Space | 54,73 Gb Free Space | 72,64% Space Free | Partition Type: NTFS
Drive D: | 73,61 Gb Total Space | 55,89 Gb Free Space | 75,93% Space Free | Partition Type: NTFS
Drive E: | 2,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: NB03 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EC0CEF-B73A-4187-836A-9D4B0A0C9692}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{02F4042F-C92C-4CA0-8748-AA38EA91516A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{17C9CF18-1195-44D4-BD6C-37C954DEC7C0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{185A58DF-6EE6-4B4B-99E0-CA2750ADE05E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29E9FD24-1BB0-4839-A8A3-76848D813D8A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3A1B6553-132C-4A2A-8430-0F646AE9521C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{54DF86C8-BC6D-4562-BD06-C33DF96FCD61}" = lport=138 | protocol=17 | dir=in | app=system | 
"{55DC3ED3-C791-4431-A799-2F695D5E3FF2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5DCE3BD5-851A-47BA-A837-B96CEA7B20A1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5FCCDE1C-5EFD-4B2E-ABF8-7999108246C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{757453D0-5565-4ECB-8B94-C37570115871}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7AEBF576-0ACF-4389-B643-1D9E85DD2A1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7BB51BC6-5817-4EE7-992B-70B2389E95F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{80410D74-C362-4756-A641-0B56A33C1B92}" = lport=12001 | protocol=17 | dir=in | name=smart webserver handshake multicast port | 
"{8C958986-645E-4E43-ACF6-62AB6B3D443B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{96DEA2E3-1B3B-4605-9C13-2453C19CFDDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C3A0466-DC51-4C33-B4A9-1CA5B51515D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9E2056BA-0061-4886-94C1-29AACC90817B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A5394CD3-6712-44BF-AE70-7B160D3BCC1E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B415906B-AE01-40C7-A355-74A10DC36E79}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CAD228E3-2043-4BA9-8417-9E6AB4411941}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DC47C33B-C47D-4EF2-A348-2BADF145020F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC55BEF-B95C-4A71-9C35-84191BBCF94B}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe | 
"{0C3B5497-D8CE-4074-9816-B8AC7805F296}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | 
"{0C691053-523F-43E4-B410-5FC32DE92F19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F3CCCC4-531A-4272-AB57-0D9D4D5ECE59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{114419C2-9F26-4661-B01B-2584BC5B64DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{11E0841B-C044-43E9-96A7-09D20CBFD2C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1A31EC78-AB3F-4617-9629-160A058A761E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1BC8F035-FF16-4E22-ABFA-45C3F3D1AB93}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{36F6B6C4-D3AF-4861-B539-9A628D2C99FC}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | 
"{3EC7E6E1-C659-4A14-833E-CE5F36C18C29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4459F60E-8AED-44C7-B6B0-A060CFC0062E}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | 
"{4485BD50-1D50-4E05-BA9D-B566F6AAD227}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{571585C9-F000-4C39-B18E-7C0439EC98E2}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\webserver.exe | 
"{5901F743-540A-4AA4-AE95-BD2193BB2404}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67D80EDA-948B-47A8-987B-1F81859E2DAF}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6D48A8E5-CE14-4807-829D-C272BB83BA62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{704182FC-8E62-49D8-A0AE-0CC91E9AFCD1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{70E26B31-9517-4084-B776-56E5B6D0E891}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"{7278F6BC-D24C-47EB-8BD7-5C87D1C724A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BA3AC29-1C39-4B3A-B677-49BD72958AEA}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8C5E1781-C175-4259-88E1-ACB8847DA8BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9515005C-F16B-452E-B6E9-1D4F1ACA602D}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe | 
"{A96F3571-8405-4028-9459-F11AC0F0A50D}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | 
"{AA8A0CA6-070A-482D-903F-9F187CA40A03}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\webserver.exe | 
"{AB21CDF9-9E86-4426-B8DA-9814C75C8163}" = protocol=6 | dir=out | app=system | 
"{AC52E1DC-D9E9-4B28-ADD1-61012213DCAF}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | 
"{AE6FF448-9C26-4B3C-9019-258B2185F946}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | 
"{B6FB446F-46DE-45CA-9816-7B3D80439C73}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"{C0000157-BB89-4DCC-A2C3-E2BBF73D53A0}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | 
"{C59466B1-0FD3-4F69-A558-AB456AF183D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CAC900A2-2CA5-43C7-BBB6-1E9F8B5DD682}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3176448-99CA-47C8-9C1B-D77C20D971A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E6EDC1AD-399A-4D7F-B64C-6EB5A0F8500E}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"{EB81F6EA-9A81-47B3-B5F8-2A825FFD089B}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | 
"{F93B54A8-DF47-4F19-8BB0-EE3D84F9552B}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"TCP Query User{38EB052D-990F-4CC7-9769-BF50BB348516}C:\program files\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe | 
"TCP Query User{A44BFCBC-121C-4746-8643-2A0376D39B92}C:\program files\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe | 
"UDP Query User{AD117D0D-1C45-4893-8635-BDBDB0B4DE93}C:\program files\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe | 
"UDP Query User{B6BFBC4A-39EF-41B9-BA95-24E594B857EB}C:\program files\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{07100081-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Encarta 2007 - Enzyklopädie
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{31F08D1D-E42D-41F7-B53C-FDDA7D934C1E}" = Lernwerkstatt
"{3A714E01-1F68-4DE5-BA35-CD687F7A8606}" = Lernwerkstatt 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German)
"{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}" = SMART Ink
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C3C89CB-A719-46C5-80C7-2E2237AD3692}" = SMART German Language Pack
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6800642C-2440-4B02-8F88-9F9E3F409E7B}" = Schulberichtsmanager 11
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = Media Player
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{866183b1-acef-4af1-9d8e-bb0a390f5580}" = Nero 9 Essentials
"{8D4B716A-0ABE-4238-9090-D208E5F57A5E}" = SMART Product Update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{DF2C0D27-F693-42B4-B439-B3CD60416DFD}" = Fujitsu Button Utilities
"{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Budenberg_is1" = Budenberg Software Mehrplatz 5/10 WIN
"Computer-Lernkartei" = Computer-Lernkartei
"DAEMON Tools Lite" = DAEMON Tools Lite
"DKS Drive" = DKS Drive 5.2.307
"Druckschriften_is1" = Druckschriften (2.0)
"GOGPACKDUKE3D_is1" = Duke Nukem 3D
"GOGPACKHOTLINEMIAMI_is1" = Hotline Miami
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{31F08D1D-E42D-41F7-B53C-FDDA7D934C1E}" = Lernwerkstatt
"InstallShield_{3A714E01-1F68-4DE5-BA35-CD687F7A8606}" = Lernwerkstatt 7
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"Mathematische Zeichensätze_is1" = Mathematische Zeichensätze 1.0
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pädagogische Zeichensätze 1_is1" = Pädagogische Zeichensätze 1 (2.0)
"Pädagogische Zeichensätze 2_is1" = Pädagogische Zeichensätze 2 (2.0)
"Pädagogische Zeichensätze 3_is1" = Pädagogische Zeichensätze 3 (2.0)
"Pädagogische Zeichensätze 4_is1" = Pädagogische Zeichensätze 4 (2.0)
"Pädagogische Zeichensätze 5_is1" = Pädagogische Zeichensätze 5 1.0
"Pen Tablet Driver" = Stifttablett
"PROR" = Microsoft Office Professional 2007
"Schulausgangsschrift_is1" = Schulausgangsschrift (2.0)
"The Incredible Machine Series_is1" = The Incredible Machine Series
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2012 13:09:05 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 18.12.2012 13:09:05 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 18.12.2012 13:09:33 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 18.12.2012 13:09:33 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 18.12.2012 13:09:33 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 18.12.2012 13:09:33 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 18.12.2012 13:09:34 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 18.12.2012 13:09:34 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 18.12.2012 13:45:16 | Computer Name = NB03 | Source = System Restore | ID = 8193
Description = 
 
Error - 18.12.2012 15:05:09 | Computer Name = NB03 | Source = FjLogEvt | ID = 1
Description = FjEvents.exe : Error accessing registry.
 
[ System Events ]
Error - 18.12.2012 11:54:37 | Computer Name = NB03 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 18.12.2012 11:56:55 | Computer Name = NB03 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 18.12.2012 12:00:06 | Computer Name = NB03 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 18.12.2012 12:22:31 | Computer Name = NB03 | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

--- --- ---
[/QUOTE]

Passt das?

M-K-D-B · 18.12.2012, 20:13

Servus,

ich konnte bisher keinen Keylogger sehen.

Wenn du nichts dagegen hast, möchte ich die Bereinigung gerne noch fortsetzen/abschließen. Poste bitte die neue Logdatei von OTL.

beckmatt · 18.12.2012, 20:35

Oh, war greade am editieren als du schriebst... sieh post oben

M-K-D-B · 19.12.2012, 19:26

Servus,

kein Problem.

Schritt 1

Öffne Google Chrome.
Klicke rechts oben auf Google Chrome anpassen.
Wähle Einstellungen.
Unter Erscheinungsbild > Haken setzen bei "Schaltfläche Startseite anzeigen"
Unter "Neuer Tab"-Seite klicke auf Ändern
Unter Diese Seite ändern gib deine gewünschte Seite ein, z. B. www.google.de
Bestätige mit Ok.
Schließe Google Chrome, starte den Browser neu und berichte, ob das Problem weiterhin besteht.

Schritt 2
Downloade Dir bitte Malwarebytes' Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

beckmatt · 19.12.2012, 22:03

Hallo Matthias,

zu google chrome: Habe die Aktionen durchgeführt und die neuen Tabs, die sich öffnen, sind auch nach dem Neustart google. Die STartseite ist aber immer noch claro, das sollte ich aber auch nicht ändern, hab ich deswegen auch nicht.

Hier das logfile von MBAM:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.19.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: NB03 [Administrator]

Schutz: Aktiviert

19.12.2012 20:30:11
mbam-log-2012-12-19 (20-30-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202488
Laufzeit: 6 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Hier ESET (hat ganz schön lang gedauert):

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=cda1faa894b3664a8ba69acb597453ea
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-19 07:55:01
# local_time=2012-12-19 08:55:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 114551 107578092 0 0
# scanned=279
# found=0
# cleaned=0
# scan_time=62
esets_scanner_update returned -1 esets_gle=53251

und hier security check:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.56  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.65.1.1000  
 Adobe Flash Player 	11.5.502.135  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (17.0.1) 
 Google Chrome 22.0.1229.79  
 Google Chrome 22.0.1229.94  
 Google Chrome 23.0.1271.64  
 Google Chrome 23.0.1271.97  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AvastSvc.exe    
 AvastUI.exe    
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Erledigt!

Grüße
beckmatt

p.s. hab grad beim deinstallieren gemerkt dass noch eine claro chrome toolbar installiert ist...

M-K-D-B · 20.12.2012, 16:53

Servus,

vielen Dank für die Hinweise.

Schritt 1

Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
Suche in der Liste Software mit dem folgenden Namen
- claro chrome toolbar
und deinstalliere das Programm.
Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.

Schritt 2

Öffne Google Chrome.
Klicke rechts oben auf Google Chrome anpassen.
Wähle Einstellungen.
Unter Beim Start > Wähle "Bestimmte Seite oder Seiten öffnen" aus und klicke auf Seiten festlegen.
Gib die gewünschte Startseite ein und bestätige mit Ok.
Schließe Google Chrome, starte den Browser neu und berichte, ob das Problem weiterhin besteht.

Schritt 3
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die beiden neuen Logdateien von OTL.

beckmatt · 22.12.2012, 11:06

Hallo Matthias,

so, nun habe ich die claro-toolbar deinstalliert, und dabei auch festgestellt, wie ich mich infiziert habe, nämlich bei einer mediaplayer-installation am 22. 11. Es wurde ein sog. mediaplayer installiert, den ich dann auch deinstalliert habe. das wurde wahrscheinlich allles mit dem midiplayer installiert, den ich an dem Tag von hxxp://www.soft-ware.net/downloads/midi-player.asp runtergeladen habe. War wohl etwas in Eile und unvorsichtig, musste unbedingt für den Unterricht einen Midiplayer finden...

Vielleicht hilft euch das ja bei neuen Infizierungen.

Schritt 2:
Google Chrome startet nun wieder so, wie ich ihn verlassen habe, die Startseite ist geändert und dei Suchseite auch. Alles bleibt so nach dem Neustart von Google chrome.

Schritt 3:
Hier die Logadateien:
OTL.txt:

Code:

ATTFilter

OTL logfile created on: 22.12.2012 10:57:02 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,95 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,91% Memory free
3,91 Gb Paging File | 2,65 Gb Available in Paging File | 67,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,34 Gb Total Space | 54,55 Gb Free Space | 72,41% Space Free | Partition Type: NTFS
Drive D: | 73,61 Gb Total Space | 55,87 Gb Free Space | 75,90% Space Free | Partition Type: NTFS
Drive E: | 2,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: NB03 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.17 17:52:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2012.12.16 10:54:41 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- D:\avast\AvastSvc.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.21 15:17:54 | 000,094,064 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTInk.exe
PRC - [2012.03.21 14:26:04 | 000,580,976 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe
PRC - [2012.03.21 14:25:28 | 002,186,096 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2012.03.09 08:14:50 | 010,132,336 | ---- | M] (SMART Technologies ULC) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardTools.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.11.06 00:00:00 | 000,057,344 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\fjmnuico.exe
PRC - [2009.11.06 00:00:00 | 000,020,480 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\FjEvents.exe
PRC - [2009.10.09 00:00:00 | 002,792,232 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009.10.09 00:00:00 | 000,186,664 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.06.04 12:48:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.05.06 16:15:44 | 000,020,480 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\FjDspMon.exe
PRC - [2007.11.19 15:32:32 | 000,717,312 | ---- | M] (Dr. Kaiser Systemhaus GmbH) -- C:\Programme\DKS\Drive\DksStatus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.18 15:36:32 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll
MOD - [2012.12.18 15:36:32 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll
MOD - [2012.12.18 15:36:24 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012.12.18 14:11:25 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012.12.18 14:11:11 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012.12.18 14:11:01 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012.12.18 14:10:58 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012.12.18 14:08:53 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.12.18 14:08:49 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012.12.18 14:08:41 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012.12.18 14:08:23 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.12.18 14:08:22 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.12.18 14:08:15 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012.12.16 10:54:41 | 002,397,152 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.09.23 20:52:15 | 000,054,184 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
MOD - [2012.09.23 20:51:45 | 000,051,120 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
MOD - [2007.05.25 14:18:08 | 000,081,920 | ---- | M] () -- C:\Windows\System32\dksio.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.16 10:54:41 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.15 13:14:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:51:43 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.21 14:26:04 | 000,580,976 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe -- (SMARTHelperService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.09 09:30:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.10.09 00:00:00 | 002,792,232 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 12:48:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.10.07 11:37:50 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.26 15:49:24 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2012.03.21 14:26:40 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2012.03.21 14:26:34 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2012.03.21 14:26:30 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.03.23 10:26:00 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2010.03.23 08:52:59 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.09 00:00:00 | 000,036,648 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wisdpen.sys -- (WISDPen)
DRV - [2009.10.09 00:00:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.10.09 00:00:00 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.09.01 00:00:00 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2007.12.21 12:28:10 | 000,135,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dksdrv2k.sys -- (Waechter)
DRV - [2005.11.14 13:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2004.01.18 04:15:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2003.06.20 14:30:48 | 000,011,392 | ---- | M] (Fujitsu PC Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FjBtndrv.sys -- (Fjbtndrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 5B A6 22 60 CA CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B338e0b96-2285-4424-b4c8-e25560750fa3%7D:3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.16 10:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.10 22:56:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.16 10:54:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.10 22:56:59 | 000,000,000 | ---D | M]
 
[2010.09.09 09:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.12.18 16:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\x6s7ah3p.default\extensions
[2012.09.29 09:11:49 | 000,003,145 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\x6s7ah3p.default\extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi
[2012.11.10 22:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.16 10:54:41 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.12.18 17:00:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O4 - HKLM..\Run: [avast] D:\avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DksStatus.exe] C:\Programme\DKS\Drive\DksStatus.exe (Dr. Kaiser Systemhaus GmbH)
O4 - HKLM..\Run: [FjStrtAp] C:\Programme\Fujitsu\Utils\fjstrtap.exe (Fujitsu Computer Systems Corp.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SMART Ink] C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC28BAA-5E2A-4718-9525-37FE636069B8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A97ABAB-6B98-482F-A258-0FE71E07BDF8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.19 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.12.19 20:28:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.12.19 20:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.19 20:28:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.19 20:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.18 20:27:45 | 000,000,000 | ---D | C] -- D:\Desktop\LOGS
[2012.12.18 17:02:25 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.18 17:02:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.18 17:02:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.18 17:00:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.18 16:53:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.18 16:53:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.18 16:53:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.18 16:53:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.18 16:53:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.18 16:48:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.12.18 16:48:25 | 000,000,000 | ---D | C] -- C:\JRT
[2012.12.18 16:47:30 | 005,012,571 | R--- | C] (Swearware) -- D:\Desktop\ComboFix.exe
[2012.12.18 16:47:30 | 000,496,299 | ---- | C] (Oleg N. Scherbakov) -- D:\Desktop\JRT.exe
[2012.12.18 14:27:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.12.18 14:27:10 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.12.18 14:27:10 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012.12.18 14:27:10 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012.12.18 14:27:10 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.12.18 14:27:10 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012.12.18 14:27:10 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.12.18 14:27:10 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.12.18 14:27:10 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.12.18 14:27:10 | 000,052,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2012.12.18 14:27:09 | 002,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012.12.18 14:27:08 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.12.18 14:27:08 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.12.18 14:27:08 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.12.18 14:27:08 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.12.18 14:27:08 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.12.18 14:27:07 | 000,266,240 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.12.18 14:27:07 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012.12.18 14:27:07 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012.12.18 14:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.12.18 14:27:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012.12.18 14:27:02 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.12.18 14:13:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.12.18 14:09:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.18 14:09:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.18 14:09:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.18 14:09:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.18 14:09:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.18 14:09:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.18 14:09:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.18 14:09:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.18 14:03:10 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.18 14:03:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.18 14:02:58 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.18 14:02:58 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.18 14:02:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.18 14:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.18 14:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.18 14:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.18 14:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.18 14:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.18 14:02:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.18 14:02:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.18 14:02:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.18 14:02:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.18 14:02:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.18 14:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.18 14:02:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.18 14:02:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.18 14:02:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.18 14:02:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.18 14:02:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.18 14:02:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.18 14:02:43 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.12.18 14:02:43 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.12.18 14:02:34 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.18 14:00:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.12.17 14:40:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Skype
[2012.12.17 14:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.17 14:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.12.17 14:40:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.12.17 14:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.12.15 20:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012.12.15 13:16:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2012.12.15 12:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012.12.15 12:33:49 | 000,000,000 | ---D | C] -- C:\GOG Games
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.22 10:47:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.22 10:42:37 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 10:42:37 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 10:34:51 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.22 10:34:02 | 000,195,584 | -HS- | M] () -- C:\dksimage.bin
[2012.12.19 23:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.19 20:52:52 | 000,856,731 | ---- | M] () -- D:\Desktop\SecurityCheck.exe
[2012.12.19 20:49:18 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.19 20:49:18 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.19 20:49:18 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.19 20:49:18 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.19 20:28:53 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.18 18:08:35 | 000,489,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 17:00:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.18 16:47:19 | 005,012,571 | R--- | M] (Swearware) -- D:\Desktop\ComboFix.exe
[2012.12.18 16:46:30 | 000,496,299 | ---- | M] (Oleg N. Scherbakov) -- D:\Desktop\JRT.exe
[2012.12.18 14:25:18 | 001,784,352 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.12.18 14:25:18 | 000,339,968 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.12.18 14:25:18 | 000,185,776 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.12.18 14:25:18 | 000,167,936 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.12.18 14:25:18 | 000,135,168 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.12.18 14:25:17 | 000,551,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012.12.18 14:25:16 | 002,898,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012.12.18 14:25:16 | 001,265,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012.12.18 14:25:16 | 000,326,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012.12.18 14:25:16 | 000,052,256 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2012.12.18 14:25:15 | 000,290,304 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.12.18 14:25:15 | 000,290,304 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.12.18 14:25:14 | 001,933,312 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.12.18 14:25:14 | 000,159,744 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.12.18 14:25:14 | 000,126,976 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.12.18 14:25:10 | 000,266,240 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.12.18 14:25:10 | 000,142,848 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012.12.18 14:25:10 | 000,125,952 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012.12.18 14:25:04 | 000,831,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.12.17 17:52:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.12.17 17:52:44 | 000,547,175 | ---- | M] () -- D:\Desktop\adwcleaner.exe
[2012.12.17 14:40:30 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.17 07:15:21 | 000,003,540 | ---- | M] () -- C:\Users\user\AppData\Roaming\FjMenu1.XML
[2012.12.15 20:09:58 | 000,002,660 | ---- | M] () -- C:\Users\Public\Desktop\The Incredible Machine - Even More Contraptions.lnk
[2012.12.15 20:09:58 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\The Even More Incredible Machine.lnk
[2012.12.15 20:09:58 | 000,002,441 | ---- | M] () -- C:\Users\Public\Desktop\The Incredible Machine 3.lnk
[2012.12.15 20:09:57 | 000,002,662 | ---- | M] () -- C:\Users\Public\Desktop\Return of the Incredible Machine Contraptions.lnk
[2012.12.15 13:16:50 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\Hotline Miami.lnk
[2012.12.15 13:14:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.15 13:14:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.15 12:33:57 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Duke Nukem 3D.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.19 20:53:55 | 000,856,731 | ---- | C] () -- D:\Desktop\SecurityCheck.exe
[2012.12.19 20:28:53 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.18 16:53:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.18 16:53:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.18 16:53:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.18 16:53:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.18 16:53:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.18 14:13:57 | 000,547,175 | ---- | C] () -- D:\Desktop\adwcleaner.exe
[2012.12.17 14:40:30 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.15 20:09:58 | 000,002,660 | ---- | C] () -- C:\Users\Public\Desktop\The Incredible Machine - Even More Contraptions.lnk
[2012.12.15 20:09:58 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\The Even More Incredible Machine.lnk
[2012.12.15 20:09:58 | 000,002,441 | ---- | C] () -- C:\Users\Public\Desktop\The Incredible Machine 3.lnk
[2012.12.15 20:09:57 | 000,002,662 | ---- | C] () -- C:\Users\Public\Desktop\Return of the Incredible Machine Contraptions.lnk
[2012.12.15 13:16:50 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\Hotline Miami.lnk
[2012.12.15 12:33:57 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Duke Nukem 3D.lnk
[2012.09.23 21:56:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.09.09 12:52:05 | 000,003,540 | ---- | C] () -- C:\Users\user\AppData\Roaming\FjMenu1.XML
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 22.12.2012 10:57:02 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,95 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,91% Memory free
3,91 Gb Paging File | 2,65 Gb Available in Paging File | 67,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,34 Gb Total Space | 54,55 Gb Free Space | 72,41% Space Free | Partition Type: NTFS
Drive D: | 73,61 Gb Total Space | 55,87 Gb Free Space | 75,90% Space Free | Partition Type: NTFS
Drive E: | 2,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: NB03 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EC0CEF-B73A-4187-836A-9D4B0A0C9692}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{02F4042F-C92C-4CA0-8748-AA38EA91516A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{17C9CF18-1195-44D4-BD6C-37C954DEC7C0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{185A58DF-6EE6-4B4B-99E0-CA2750ADE05E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29E9FD24-1BB0-4839-A8A3-76848D813D8A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3A1B6553-132C-4A2A-8430-0F646AE9521C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{54DF86C8-BC6D-4562-BD06-C33DF96FCD61}" = lport=138 | protocol=17 | dir=in | app=system | 
"{55DC3ED3-C791-4431-A799-2F695D5E3FF2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5DCE3BD5-851A-47BA-A837-B96CEA7B20A1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5FCCDE1C-5EFD-4B2E-ABF8-7999108246C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{757453D0-5565-4ECB-8B94-C37570115871}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7AEBF576-0ACF-4389-B643-1D9E85DD2A1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7BB51BC6-5817-4EE7-992B-70B2389E95F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{80410D74-C362-4756-A641-0B56A33C1B92}" = lport=12001 | protocol=17 | dir=in | name=smart webserver handshake multicast port | 
"{8C958986-645E-4E43-ACF6-62AB6B3D443B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{96DEA2E3-1B3B-4605-9C13-2453C19CFDDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C3A0466-DC51-4C33-B4A9-1CA5B51515D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9E2056BA-0061-4886-94C1-29AACC90817B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A5394CD3-6712-44BF-AE70-7B160D3BCC1E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B415906B-AE01-40C7-A355-74A10DC36E79}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CAD228E3-2043-4BA9-8417-9E6AB4411941}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DC47C33B-C47D-4EF2-A348-2BADF145020F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC55BEF-B95C-4A71-9C35-84191BBCF94B}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe | 
"{0C3B5497-D8CE-4074-9816-B8AC7805F296}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | 
"{0C691053-523F-43E4-B410-5FC32DE92F19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F3CCCC4-531A-4272-AB57-0D9D4D5ECE59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{114419C2-9F26-4661-B01B-2584BC5B64DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{11E0841B-C044-43E9-96A7-09D20CBFD2C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1A31EC78-AB3F-4617-9629-160A058A761E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1BC8F035-FF16-4E22-ABFA-45C3F3D1AB93}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{36F6B6C4-D3AF-4861-B539-9A628D2C99FC}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | 
"{3EC7E6E1-C659-4A14-833E-CE5F36C18C29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4459F60E-8AED-44C7-B6B0-A060CFC0062E}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | 
"{4485BD50-1D50-4E05-BA9D-B566F6AAD227}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{571585C9-F000-4C39-B18E-7C0439EC98E2}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\webserver.exe | 
"{5901F743-540A-4AA4-AE95-BD2193BB2404}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67D80EDA-948B-47A8-987B-1F81859E2DAF}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6D48A8E5-CE14-4807-829D-C272BB83BA62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{704182FC-8E62-49D8-A0AE-0CC91E9AFCD1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{70E26B31-9517-4084-B776-56E5B6D0E891}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"{7278F6BC-D24C-47EB-8BD7-5C87D1C724A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BA3AC29-1C39-4B3A-B677-49BD72958AEA}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8C5E1781-C175-4259-88E1-ACB8847DA8BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9515005C-F16B-452E-B6E9-1D4F1ACA602D}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe | 
"{A96F3571-8405-4028-9459-F11AC0F0A50D}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | 
"{AA8A0CA6-070A-482D-903F-9F187CA40A03}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\webserver.exe | 
"{AB21CDF9-9E86-4426-B8DA-9814C75C8163}" = protocol=6 | dir=out | app=system | 
"{AC52E1DC-D9E9-4B28-ADD1-61012213DCAF}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | 
"{AE6FF448-9C26-4B3C-9019-258B2185F946}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | 
"{B6FB446F-46DE-45CA-9816-7B3D80439C73}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"{C0000157-BB89-4DCC-A2C3-E2BBF73D53A0}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | 
"{C59466B1-0FD3-4F69-A558-AB456AF183D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CAC900A2-2CA5-43C7-BBB6-1E9F8B5DD682}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3176448-99CA-47C8-9C1B-D77C20D971A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E6EDC1AD-399A-4D7F-B64C-6EB5A0F8500E}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"{EB81F6EA-9A81-47B3-B5F8-2A825FFD089B}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | 
"{F93B54A8-DF47-4F19-8BB0-EE3D84F9552B}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"TCP Query User{38EB052D-990F-4CC7-9769-BF50BB348516}C:\program files\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe | 
"TCP Query User{A44BFCBC-121C-4746-8643-2A0376D39B92}C:\program files\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe | 
"UDP Query User{AD117D0D-1C45-4893-8635-BDBDB0B4DE93}C:\program files\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe | 
"UDP Query User{B6BFBC4A-39EF-41B9-BA95-24E594B857EB}C:\program files\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07100081-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Encarta 2007 - Enzyklopädie
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{31F08D1D-E42D-41F7-B53C-FDDA7D934C1E}" = Lernwerkstatt
"{3A714E01-1F68-4DE5-BA35-CD687F7A8606}" = Lernwerkstatt 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German)
"{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}" = SMART Ink
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C3C89CB-A719-46C5-80C7-2E2237AD3692}" = SMART German Language Pack
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6800642C-2440-4B02-8F88-9F9E3F409E7B}" = Schulberichtsmanager 11
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{866183b1-acef-4af1-9d8e-bb0a390f5580}" = Nero 9 Essentials
"{8D4B716A-0ABE-4238-9090-D208E5F57A5E}" = SMART Product Update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{DF2C0D27-F693-42B4-B439-B3CD60416DFD}" = Fujitsu Button Utilities
"{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Budenberg_is1" = Budenberg Software Mehrplatz 5/10 WIN
"Computer-Lernkartei" = Computer-Lernkartei
"DAEMON Tools Lite" = DAEMON Tools Lite
"DKS Drive" = DKS Drive 5.2.307
"Druckschriften_is1" = Druckschriften (2.0)
"ESET Online Scanner" = ESET Online Scanner v3
"GOGPACKDUKE3D_is1" = Duke Nukem 3D
"GOGPACKHOTLINEMIAMI_is1" = Hotline Miami
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{31F08D1D-E42D-41F7-B53C-FDDA7D934C1E}" = Lernwerkstatt
"InstallShield_{3A714E01-1F68-4DE5-BA35-CD687F7A8606}" = Lernwerkstatt 7
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mathematische Zeichensätze_is1" = Mathematische Zeichensätze 1.0
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pädagogische Zeichensätze 1_is1" = Pädagogische Zeichensätze 1 (2.0)
"Pädagogische Zeichensätze 2_is1" = Pädagogische Zeichensätze 2 (2.0)
"Pädagogische Zeichensätze 3_is1" = Pädagogische Zeichensätze 3 (2.0)
"Pädagogische Zeichensätze 4_is1" = Pädagogische Zeichensätze 4 (2.0)
"Pädagogische Zeichensätze 5_is1" = Pädagogische Zeichensätze 5 1.0
"Pen Tablet Driver" = Stifttablett
"PROR" = Microsoft Office Professional 2007
"Schulausgangsschrift_is1" = Schulausgangsschrift (2.0)
"The Incredible Machine Series_is1" = The Incredible Machine Series
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.12.2012 05:35:30 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 22.12.2012 05:35:30 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 22.12.2012 05:35:30 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 22.12.2012 05:35:30 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 22.12.2012 05:35:30 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 22.12.2012 05:35:30 | Computer Name = NB03 | Source = TabletServicePen | ID = 0
Description = 
 
Error - 22.12.2012 05:41:16 | Computer Name = NB03 | Source = System Restore | ID = 8193
Description = 
 
Error - 22.12.2012 05:41:17 | Computer Name = NB03 | Source = FjLogEvt | ID = 1
Description = FjEvents.exe : Error accessing registry.
 
Error - 22.12.2012 05:41:19 | Computer Name = NB03 | Source = System Restore | ID = 8193
Description = 
 
Error - 22.12.2012 05:56:32 | Computer Name = NB03 | Source = FjLogEvt | ID = 1
Description = FjEvents.exe : Error accessing registry.
 
[ System Events ]
Error - 22.12.2012 05:29:29 | Computer Name = NB03 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.12.2012 05:29:29 | Computer Name = NB03 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.12.2012 05:29:29 | Computer Name = NB03 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.12.2012 05:29:41 | Computer Name = NB03 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.12.2012 05:29:41 | Computer Name = NB03 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.12.2012 05:29:41 | Computer Name = NB03 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.12.2012 05:29:59 | Computer Name = NB03 | Source = DCOM | ID = 10005
Description = 
 
Error - 22.12.2012 05:31:21 | Computer Name = NB03 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.12.2012 05:31:21 | Computer Name = NB03 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.12.2012 05:31:21 | Computer Name = NB03 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

Viele Grüße und ein frohes Weihnachtsfest

beckmatt

M-K-D-B · 22.12.2012, 12:06

Servus,

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.

Schritt 2
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.

Schritt 3
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.

Code:

ATTFilter

Combofix /Uninstall

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Schritt 4
Downloade dir bitte delfix auf deinen Desktop.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Klicke auf Löschen.
Schließe die sich öffnende Textdatei.
Klicke abschließend auf Deinstallation.
Bestätige mit Ja.
Starte deinen Rechner neu auf!

Schritt 5
Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

M-K-D-B · 23.12.2012, 11:26

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

beckmatt · 25.12.2012, 14:52

Hallo Matthias,

auch ich hatte über die Feiertage nicht die Zeit, mich zu kümmern. Nun habe ich den Prozess abgeschlossen. Zunächst einmal vielen Dank für die tolle Hilfe. Der Computer läuft nun bestens. Allerdings habe ich noch einige Anmerkungen:

1.

Zitat:

Schritt 2
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.

Defogger hab ich nicht instllaiert gehabt, deswegen hab ich den Schritt einfach weggelassen. Ich hoffe das ist OK.

2.

Zitat:

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt.

Ich hatte Probleme mit dem Programm. Es hat immer mal wieder den Start von Windows verhindert. Deswegen habe ich es deinstalliert.

Ansonsten habe ich alles erledigt. Vielen Dank noch mal für die wertvolle Hilfe, ein weiterhin frohes Fest und nen guten Rutsch!

beckmatt

M-K-D-B · 26.12.2012, 11:37

Servus,

vielen Dank für deine Rückmeldung.

Du hast alles richtig gemacht.

Alles Gute!

18.12.2012, 18:16	#4
M-K-D-B /// TB-Ausbilder	Kampf gegen den claro-Trojaner aufgenommen Servus, alles richtig gemacht. Gibt es immer noch Probleme mit Claro? Wenn ja, wie äußert sich das Problem? In welchem Browser tritt Claro noch auf? Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread.

18.12.2012, 20:13	#6
M-K-D-B /// TB-Ausbilder	Kampf gegen den claro-Trojaner aufgenommen Servus, ich konnte bisher keinen Keylogger sehen. Wenn du nichts dagegen hast, möchte ich die Bereinigung gerne noch fortsetzen/abschließen. Poste bitte die neue Logdatei von OTL.

23.12.2012, 11:26	#13
M-K-D-B /// TB-Ausbilder	Kampf gegen den claro-Trojaner aufgenommen Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

26.12.2012, 11:37	#15
M-K-D-B /// TB-Ausbilder	Kampf gegen den claro-Trojaner aufgenommen Servus, vielen Dank für deine Rückmeldung. Du hast alles richtig gemacht. Alles Gute!

Kampf gegen den claro-Trojaner aufgenommen

Plagegeister aller Art und deren Bekämpfung: Kampf gegen den claro-Trojaner aufgenommen