Bundespolizeitrojaner mit Verschlüsselung entfernen

cosinus · 29.01.2013, 15:31

Du hast das alte MBAR benutzt. Lade bitte das aktuelle MBAR von hier runter => http://downloads.malwarebytes.org/file/mbar

Und vor dem Scan die Signaturen aktualisieren lassen

micra · 29.01.2013, 17:26

Mit der neuen Version startet der Rechner kurz nach Beginn des Scans neu. Habe das jetzt dreimal versucht, immer mit dem gleichen Ergebnis.
Außerdem stürzt der Desktophintergrund beim Starten ab, so dass ein weißer Hintergrund mit der Überschrift 'Active Desktop wiederherstellen' erscheint.

cosinus · 29.01.2013, 20:28

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

micra · 30.01.2013, 08:22

Dein Link funktioniert nicht. Gibt nen 404 Fehler. Auf der Downloadseite von
bleepingcomputer.com steht bei ComboFix 'This download is not available at this time.
We apologize for the issues and hope to have it available soon.'
Gibt es noch andere vertrauenswürdige und aktuelle Quellen für das Programm?

Ich habe mir die Seite bleepingcomputer.com nochmal angesehen. Anscheinend ist das Programm selber von einem Virus betroffen und deshalb vorerst nicht verfügbar. Mehr Infos hier: Information about ComboFix being infected and what you should do

cosinus · 30.01.2013, 11:43

Das dauert noch etwas bis man es wieder nutzen kann.

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

micra · 30.01.2013, 12:02

Der Scan ist Durchgeführt und die Funde habe ich Skip gesetzt. Hier das Log:

Code:

ATTFilter

11:56:44.0625 0872  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:56:44.0875 0872  ============================================================
11:56:44.0875 0872  Current date / time: 2013/01/30 11:56:44.0875
11:56:44.0875 0872  SystemInfo:
11:56:44.0875 0872  
11:56:44.0890 0872  OS Version: 5.1.2600 ServicePack: 3.0
11:56:44.0890 0872  Product type: Workstation
11:56:44.0890 0872  ComputerName: xxx
11:56:44.0890 0872  UserName: xxx
11:56:44.0890 0872  Windows directory: C:\WINDOWS
11:56:44.0890 0872  System windows directory: C:\WINDOWS
11:56:44.0890 0872  Processor architecture: Intel x86
11:56:44.0890 0872  Number of processors: 1
11:56:44.0890 0872  Page size: 0x1000
11:56:44.0890 0872  Boot type: Normal boot
11:56:44.0890 0872  ============================================================
11:56:46.0171 0872  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
11:56:46.0171 0872  Drive \Device\Harddisk1\DR12 - Size: 0xEE979000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:56:46.0203 0872  ============================================================
11:56:46.0203 0872  \Device\Harddisk0\DR0:
11:56:46.0203 0872  MBR partitions:
11:56:46.0203 0872  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9512343
11:56:46.0203 0872  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x95123C1, BlocksNum 0x853EA7A
11:56:46.0281 0872  \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x11A50E7A, BlocksNum 0xFC7C47
11:56:46.0281 0872  \Device\Harddisk1\DR12:
11:56:46.0281 0872  MBR partitions:
11:56:46.0281 0872  \Device\Harddisk1\DR12\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x772227
11:56:46.0281 0872  ============================================================
11:56:46.0359 0872  E: <-> \Device\Harddisk0\DR0\Partition3
11:56:46.0390 0872  C: <-> \Device\Harddisk0\DR0\Partition1
11:56:46.0500 0872  D: <-> \Device\Harddisk0\DR0\Partition2
11:56:46.0531 0872  ============================================================
11:56:46.0531 0872  Initialize success
11:56:46.0531 0872  ============================================================
11:57:28.0484 3892  ============================================================
11:57:28.0484 3892  Scan started
11:57:28.0484 3892  Mode: Manual; SigCheck; TDLFS; 
11:57:28.0484 3892  ============================================================
11:57:28.0609 3892  ================ Scan system memory ========================
11:57:28.0609 3892  System memory - ok
11:57:28.0609 3892  ================ Scan services =============================
11:57:28.0765 3892  [ 56F93517BB4125A154E2A50B71BFF469 ] 3xHybrid        C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
11:57:29.0296 3892  3xHybrid - ok
11:57:29.0296 3892  Abiosdsk - ok
11:57:29.0312 3892  abp480n5 - ok
11:57:29.0359 3892  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:57:29.0875 3892  ACPI - ok
11:57:29.0921 3892  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
11:57:30.0062 3892  ACPIEC - ok
11:57:30.0078 3892  adpu160m - ok
11:57:30.0125 3892  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:57:30.0265 3892  aec - ok
11:57:30.0296 3892  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:57:30.0406 3892  AFD - ok
11:57:30.0468 3892  [ 593AEFC67283D409F34CC1245D00A509 ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:57:30.0640 3892  AgereSoftModem - ok
11:57:30.0656 3892  Aha154x - ok
11:57:30.0671 3892  aic78u2 - ok
11:57:30.0687 3892  aic78xx - ok
11:57:30.0812 3892  [ 36223C0FF66AFD94D1D73FCB8FDFE91E ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
11:57:31.0093 3892  ALCXWDM - ok
11:57:31.0125 3892  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:57:31.0281 3892  Alerter - ok
11:57:31.0296 3892  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
11:57:31.0437 3892  ALG - ok
11:57:31.0453 3892  AliIde - ok
11:57:31.0468 3892  amsint - ok
11:57:31.0531 3892  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
11:57:31.0546 3892  AntiVirSchedulerService - ok
11:57:31.0578 3892  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:57:31.0593 3892  AntiVirService - ok
11:57:31.0625 3892  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:57:31.0656 3892  Apple Mobile Device - ok
11:57:31.0656 3892  AppMgmt - ok
11:57:31.0703 3892  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:57:31.0843 3892  Arp1394 - ok
11:57:31.0859 3892  asc - ok
11:57:31.0875 3892  asc3350p - ok
11:57:31.0890 3892  asc3550 - ok
11:57:31.0968 3892  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
11:57:31.0984 3892  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
11:57:31.0984 3892  aspnet_state - detected UnsignedFile.Multi.Generic (1)
11:57:32.0015 3892  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:57:32.0156 3892  AsyncMac - ok
11:57:32.0203 3892  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:57:32.0359 3892  atapi - ok
11:57:32.0359 3892  Atdisk - ok
11:57:32.0390 3892  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:57:32.0546 3892  Atmarpc - ok
11:57:32.0578 3892  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:57:32.0734 3892  AudioSrv - ok
11:57:32.0765 3892  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:57:32.0906 3892  audstub - ok
11:57:32.0937 3892  [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio           C:\Programme\Avira\AntiVir Desktop\avgio.sys
11:57:32.0953 3892  avgio - ok
11:57:32.0968 3892  [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:57:33.0000 3892  avgntflt - ok
11:57:33.0031 3892  [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:57:33.0046 3892  avipbb - ok
11:57:33.0078 3892  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:57:33.0234 3892  Beep - ok
11:57:33.0265 3892  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
11:57:33.0437 3892  BITS - ok
11:57:33.0484 3892  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
11:57:33.0546 3892  Bonjour Service - ok
11:57:33.0578 3892  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
11:57:33.0640 3892  Browser - ok
11:57:33.0687 3892  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
11:57:33.0859 3892  cbidf2k - ok
11:57:33.0890 3892  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:57:34.0031 3892  CCDECODE - ok
11:57:34.0046 3892  cd20xrnt - ok
11:57:34.0062 3892  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
11:57:34.0218 3892  Cdaudio - ok
11:57:34.0234 3892  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:57:34.0390 3892  Cdfs - ok
11:57:34.0421 3892  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:57:34.0562 3892  Cdrom - ok
11:57:34.0578 3892  Changer - ok
11:57:34.0609 3892  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:57:34.0765 3892  CiSvc - ok
11:57:34.0859 3892  [ AFB473C028E75A7FF46A114BC98D690E ] CLCapSvc        C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
11:57:34.0875 3892  CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
11:57:34.0875 3892  CLCapSvc - detected UnsignedFile.Multi.Generic (1)
11:57:34.0906 3892  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:57:35.0078 3892  ClipSrv - ok
11:57:35.0093 3892  [ B41F16348D9F8A38214BF1C8B4FE6EC6 ] CLSched         C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
11:57:35.0109 3892  CLSched ( UnsignedFile.Multi.Generic ) - warning
11:57:35.0109 3892  CLSched - detected UnsignedFile.Multi.Generic (1)
11:57:35.0125 3892  CmdIde - ok
11:57:35.0125 3892  COMSysApp - ok
11:57:35.0156 3892  Cpqarray - ok
11:57:35.0171 3892  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:57:35.0328 3892  CryptSvc - ok
11:57:35.0375 3892  [ 1CFDCB99812C62E19C47896A5857D342 ] CyberLink Media Library Service C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
11:57:35.0484 3892  CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
11:57:35.0484 3892  CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
11:57:35.0500 3892  dac2w2k - ok
11:57:35.0515 3892  dac960nt - ok
11:57:35.0562 3892  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:57:35.0656 3892  DcomLaunch - ok
11:57:35.0687 3892  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:57:35.0843 3892  Dhcp - ok
11:57:35.0875 3892  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:57:36.0015 3892  Disk - ok
11:57:36.0031 3892  dmadmin - ok
11:57:36.0062 3892  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:57:36.0250 3892  dmboot - ok
11:57:36.0281 3892  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:57:36.0453 3892  dmio - ok
11:57:36.0484 3892  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:57:36.0656 3892  dmload - ok
11:57:36.0687 3892  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:57:36.0843 3892  dmserver - ok
11:57:36.0875 3892  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:57:37.0015 3892  DMusic - ok
11:57:37.0046 3892  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:57:37.0140 3892  Dnscache - ok
11:57:37.0171 3892  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:57:37.0328 3892  Dot3svc - ok
11:57:37.0343 3892  dpti2o - ok
11:57:37.0375 3892  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:57:37.0515 3892  drmkaud - ok
11:57:37.0562 3892  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:57:37.0703 3892  EapHost - ok
11:57:37.0734 3892  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:57:37.0890 3892  ERSvc - ok
11:57:37.0906 3892  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
11:57:37.0953 3892  Eventlog - ok
11:57:38.0000 3892  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
11:57:38.0031 3892  EventSystem - ok
11:57:38.0062 3892  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:57:38.0218 3892  Fastfat - ok
11:57:38.0250 3892  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:57:38.0312 3892  FastUserSwitchingCompatibility - ok
11:57:38.0328 3892  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:57:38.0468 3892  Fdc - ok
11:57:38.0484 3892  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:57:38.0640 3892  Fips - ok
11:57:38.0656 3892  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:57:38.0796 3892  Flpydisk - ok
11:57:38.0843 3892  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:57:38.0984 3892  FltMgr - ok
11:57:39.0000 3892  [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk     C:\WINDOWS\system32\FsUsbExDisk.SYS
11:57:39.0015 3892  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
11:57:39.0015 3892  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
11:57:39.0046 3892  [ D3F9205CC4CB07553F2F9472C767EA87 ] FsUsbExService  C:\WINDOWS\system32\FsUsbExService.Exe
11:57:39.0062 3892  FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
11:57:39.0062 3892  FsUsbExService - detected UnsignedFile.Multi.Generic (1)
11:57:39.0093 3892  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:57:39.0250 3892  Fs_Rec - ok
11:57:39.0265 3892  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:57:39.0421 3892  Ftdisk - ok
11:57:39.0453 3892  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:57:39.0484 3892  GEARAspiWDM - ok
11:57:39.0515 3892  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:57:39.0656 3892  Gpc - ok
11:57:39.0703 3892  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
11:57:39.0734 3892  gupdate - ok
11:57:39.0750 3892  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
11:57:39.0765 3892  gupdatem - ok
11:57:39.0812 3892  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:57:39.0953 3892  helpsvc - ok
11:57:39.0968 3892  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:57:40.0125 3892  HidServ - ok
11:57:40.0156 3892  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:57:40.0296 3892  hidusb - ok
11:57:40.0328 3892  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:57:40.0453 3892  hkmsvc - ok
11:57:40.0500 3892  [ 86A41BAB21B31F8A1B8F5FB93106B63F ] hotcore3        C:\WINDOWS\system32\DRIVERS\hotcore3.sys
11:57:40.0515 3892  hotcore3 - ok
11:57:40.0531 3892  hpn - ok
11:57:40.0562 3892  [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:57:40.0640 3892  HPZid412 - ok
11:57:40.0656 3892  [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:57:40.0718 3892  HPZipr12 - ok
11:57:40.0750 3892  [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:57:40.0828 3892  HPZius12 - ok
11:57:40.0859 3892  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:57:40.0921 3892  HTTP - ok
11:57:40.0953 3892  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:57:41.0093 3892  HTTPFilter - ok
11:57:41.0109 3892  i2omgmt - ok
11:57:41.0125 3892  i2omp - ok
11:57:41.0171 3892  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
11:57:41.0312 3892  i8042prt - ok
11:57:41.0359 3892  [ 848EDEBB3C1D6FEC50E09EDA95C21E84 ] ICQ Service     C:\Programme\ICQ6Toolbar\ICQ Service.exe
11:57:41.0390 3892  ICQ Service - ok
11:57:41.0421 3892  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:57:41.0546 3892  Imapi - ok
11:57:41.0578 3892  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:57:41.0734 3892  ImapiService - ok
11:57:41.0750 3892  ini910u - ok
11:57:41.0765 3892  IntelIde - ok
11:57:41.0796 3892  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:57:41.0953 3892  intelppm - ok
11:57:41.0968 3892  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:57:42.0093 3892  Ip6Fw - ok
11:57:42.0125 3892  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:57:42.0281 3892  IpFilterDriver - ok
11:57:42.0312 3892  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:57:42.0453 3892  IpInIp - ok
11:57:42.0500 3892  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:57:42.0640 3892  IpNat - ok
11:57:42.0687 3892  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
11:57:42.0718 3892  iPod Service - ok
11:57:42.0765 3892  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:57:42.0890 3892  IPSec - ok
11:57:42.0906 3892  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:57:43.0046 3892  IRENUM - ok
11:57:43.0062 3892  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:57:43.0218 3892  isapnp - ok
11:57:43.0265 3892  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:57:43.0421 3892  Kbdclass - ok
11:57:43.0437 3892  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:57:43.0593 3892  kbdhid - ok
11:57:43.0609 3892  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:57:43.0765 3892  kmixer - ok
11:57:43.0812 3892  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:57:43.0937 3892  KSecDD - ok
11:57:43.0984 3892  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:57:44.0062 3892  lanmanserver - ok
11:57:44.0125 3892  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:57:44.0234 3892  lanmanworkstation - ok
11:57:44.0234 3892  lbrtfdc - ok
11:57:44.0281 3892  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:57:44.0437 3892  LmHosts - ok
11:57:44.0468 3892  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
11:57:44.0500 3892  MBAMProtector - ok
11:57:44.0625 3892  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:57:44.0734 3892  MBAMScheduler - ok
11:57:44.0875 3892  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
11:57:45.0031 3892  MBAMService - ok
11:57:45.0156 3892  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
11:57:45.0203 3892  McComponentHostService - ok
11:57:45.0265 3892  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:57:45.0421 3892  Messenger - ok
11:57:45.0468 3892  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:57:45.0609 3892  mnmdd - ok
11:57:45.0656 3892  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:57:45.0812 3892  mnmsrvc - ok
11:57:45.0843 3892  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:57:46.0000 3892  Modem - ok
11:57:46.0015 3892  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:57:46.0156 3892  Mouclass - ok
11:57:46.0187 3892  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:57:46.0343 3892  mouhid - ok
11:57:46.0375 3892  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:57:46.0500 3892  MountMgr - ok
11:57:46.0531 3892  [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
11:57:46.0562 3892  MozillaMaintenance - ok
11:57:46.0609 3892  [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE             C:\WINDOWS\system32\DRIVERS\MPE.sys
11:57:46.0765 3892  MPE - ok
11:57:46.0781 3892  mraid35x - ok
11:57:46.0796 3892  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:57:46.0953 3892  MRxDAV - ok
11:57:47.0000 3892  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:57:47.0093 3892  MRxSmb - ok
11:57:47.0125 3892  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:57:47.0281 3892  MSDTC - ok
11:57:47.0312 3892  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:57:47.0453 3892  Msfs - ok
11:57:47.0468 3892  MSIServer - ok
11:57:47.0500 3892  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:57:47.0640 3892  MSKSSRV - ok
11:57:47.0656 3892  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:57:47.0796 3892  MSPCLOCK - ok
11:57:47.0812 3892  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:57:47.0953 3892  MSPQM - ok
11:57:47.0984 3892  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:57:48.0125 3892  mssmbios - ok
11:57:48.0140 3892  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
11:57:48.0296 3892  MSTEE - ok
11:57:48.0328 3892  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:57:48.0375 3892  Mup - ok
11:57:48.0406 3892  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:57:48.0546 3892  NABTSFEC - ok
11:57:48.0578 3892  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:57:48.0750 3892  napagent - ok
11:57:48.0781 3892  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:57:48.0906 3892  NDIS - ok
11:57:48.0937 3892  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:57:49.0078 3892  NdisIP - ok
11:57:49.0109 3892  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:57:49.0156 3892  NdisTapi - ok
11:57:49.0203 3892  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:57:49.0343 3892  Ndisuio - ok
11:57:49.0359 3892  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:57:49.0484 3892  NdisWan - ok
11:57:49.0531 3892  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:57:49.0578 3892  NDProxy - ok
11:57:49.0593 3892  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:57:49.0750 3892  NetBIOS - ok
11:57:49.0781 3892  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:57:49.0906 3892  NetBT - ok
11:57:49.0953 3892  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:57:50.0093 3892  NetDDE - ok
11:57:50.0109 3892  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:57:50.0250 3892  NetDDEdsdm - ok
11:57:50.0281 3892  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:57:50.0406 3892  Netlogon - ok
11:57:50.0421 3892  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
11:57:50.0562 3892  Netman - ok
11:57:50.0593 3892  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:57:50.0718 3892  NIC1394 - ok
11:57:50.0750 3892  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:57:50.0796 3892  Nla - ok
11:57:50.0843 3892  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:57:50.0984 3892  Npfs - ok
11:57:51.0031 3892  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:57:51.0187 3892  Ntfs - ok
11:57:51.0203 3892  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:57:51.0343 3892  NtLmSsp - ok
11:57:51.0375 3892  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:57:51.0546 3892  NtmsSvc - ok
11:57:51.0562 3892  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:57:51.0734 3892  Null - ok
11:57:51.0765 3892  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:57:51.0937 3892  NwlnkFlt - ok
11:57:51.0953 3892  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:57:52.0125 3892  NwlnkFwd - ok
11:57:52.0140 3892  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:57:52.0281 3892  ohci1394 - ok
11:57:52.0296 3892  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:57:52.0437 3892  Parport - ok
11:57:52.0453 3892  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:57:52.0593 3892  PartMgr - ok
11:57:52.0625 3892  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:57:52.0796 3892  ParVdm - ok
11:57:52.0828 3892  [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd        C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
11:57:52.0875 3892  pccsmcfd - ok
11:57:52.0890 3892  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:57:53.0031 3892  PCI - ok
11:57:53.0046 3892  PCIDump - ok
11:57:53.0062 3892  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:57:53.0218 3892  PCIIde - ok
11:57:53.0265 3892  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:57:53.0406 3892  Pcmcia - ok
11:57:53.0406 3892  PDCOMP - ok
11:57:53.0421 3892  PDFRAME - ok
11:57:53.0437 3892  PDRELI - ok
11:57:53.0453 3892  PDRFRAME - ok
11:57:53.0468 3892  perc2 - ok
11:57:53.0468 3892  perc2hib - ok
11:57:53.0531 3892  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
11:57:53.0562 3892  PlugPlay - ok
11:57:53.0578 3892  [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
11:57:53.0593 3892  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:57:53.0593 3892  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:57:53.0609 3892  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:57:53.0734 3892  PolicyAgent - ok
11:57:53.0765 3892  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:57:53.0890 3892  PptpMiniport - ok
11:57:53.0906 3892  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:57:54.0062 3892  ProtectedStorage - ok
11:57:54.0062 3892  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:57:54.0203 3892  PSched - ok
11:57:54.0218 3892  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:57:54.0375 3892  Ptilink - ok
11:57:54.0390 3892  ql1080 - ok
11:57:54.0406 3892  Ql10wnt - ok
11:57:54.0421 3892  ql12160 - ok
11:57:54.0437 3892  ql1240 - ok
11:57:54.0453 3892  ql1280 - ok
11:57:54.0484 3892  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:57:54.0640 3892  RasAcd - ok
11:57:54.0671 3892  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:57:54.0812 3892  RasAuto - ok
11:57:54.0828 3892  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:57:54.0984 3892  Rasl2tp - ok
11:57:55.0015 3892  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:57:55.0171 3892  RasMan - ok
11:57:55.0187 3892  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:57:55.0328 3892  RasPppoe - ok
11:57:55.0343 3892  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:57:55.0500 3892  Raspti - ok
11:57:55.0531 3892  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:57:55.0671 3892  Rdbss - ok
11:57:55.0687 3892  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:57:55.0859 3892  RDPCDD - ok
11:57:55.0906 3892  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:57:55.0953 3892  RDPWD - ok
11:57:55.0984 3892  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:57:56.0140 3892  RDSessMgr - ok
11:57:56.0171 3892  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:57:56.0312 3892  redbook - ok
11:57:56.0359 3892  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:57:56.0484 3892  RemoteAccess - ok
11:57:56.0531 3892  [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo       C:\Programme\CyberLink\Shared Files\RichVideo.exe
11:57:56.0546 3892  RichVideo ( UnsignedFile.Multi.Generic ) - warning
11:57:56.0546 3892  RichVideo - detected UnsignedFile.Multi.Generic (1)
11:57:56.0578 3892  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:57:56.0734 3892  RpcLocator - ok
11:57:56.0750 3892  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:57:56.0812 3892  RpcSs - ok
11:57:56.0843 3892  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:57:57.0000 3892  RSVP - ok
11:57:57.0031 3892  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
11:57:57.0156 3892  rtl8139 - ok
11:57:57.0171 3892  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:57:57.0312 3892  SamSs - ok
11:57:57.0343 3892  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:57:57.0484 3892  SCardSvr - ok
11:57:57.0531 3892  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:57:57.0656 3892  Schedule - ok
11:57:57.0703 3892  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:57:57.0828 3892  Secdrv - ok
11:57:57.0843 3892  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:57:57.0984 3892  seclogon - ok
11:57:58.0015 3892  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
11:57:58.0140 3892  SENS - ok
11:57:58.0156 3892  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:57:58.0296 3892  serenum - ok
11:57:58.0312 3892  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:57:58.0437 3892  Serial - ok
11:57:58.0515 3892  [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer    C:\Programme\PC Connectivity Solution\ServiceLayer.exe
11:57:58.0562 3892  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
11:57:58.0562 3892  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
11:57:58.0593 3892  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:57:58.0734 3892  Sfloppy - ok
11:57:58.0781 3892  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:57:58.0921 3892  SharedAccess - ok
11:57:58.0937 3892  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:57:58.0968 3892  ShellHWDetection - ok
11:57:58.0984 3892  Simbad - ok
11:57:59.0031 3892  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:57:59.0156 3892  SLIP - ok
11:57:59.0187 3892  Sparrow - ok
11:57:59.0203 3892  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:57:59.0359 3892  splitter - ok
11:57:59.0390 3892  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:57:59.0437 3892  Spooler - ok
11:57:59.0484 3892  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:57:59.0625 3892  sr - ok
11:57:59.0671 3892  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:57:59.0828 3892  srservice - ok
11:57:59.0859 3892  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:57:59.0953 3892  Srv - ok
11:57:59.0968 3892  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:58:00.0140 3892  SSDPSRV - ok
11:58:00.0156 3892  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:58:00.0187 3892  ssmdrv - ok
11:58:00.0218 3892  [ EAA66218CD39F5BB1B4853A78C67C787 ] ss_bbus         C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
11:58:00.0250 3892  ss_bbus - ok
11:58:00.0265 3892  [ 91765F99914ED8693D8BC76524F21581 ] ss_bmdfl        C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
11:58:00.0281 3892  ss_bmdfl - ok
11:58:00.0296 3892  [ 840E7B738B03C10EE91D9B7D3D6EFF15 ] ss_bmdm         C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
11:58:00.0328 3892  ss_bmdm - ok
11:58:00.0359 3892  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:58:00.0515 3892  stisvc - ok
11:58:00.0546 3892  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:58:00.0687 3892  streamip - ok
11:58:00.0703 3892  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:58:00.0828 3892  swenum - ok
11:58:00.0859 3892  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:58:01.0000 3892  swmidi - ok
11:58:01.0015 3892  SwPrv - ok
11:58:01.0031 3892  symc810 - ok
11:58:01.0046 3892  symc8xx - ok
11:58:01.0062 3892  sym_hi - ok
11:58:01.0078 3892  sym_u3 - ok
11:58:01.0093 3892  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:58:01.0250 3892  sysaudio - ok
11:58:01.0281 3892  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:58:01.0421 3892  SysmonLog - ok
11:58:01.0453 3892  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:58:01.0609 3892  TapiSrv - ok
11:58:01.0656 3892  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:58:01.0718 3892  Tcpip - ok
11:58:01.0750 3892  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:58:01.0890 3892  TDPIPE - ok
11:58:01.0921 3892  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:58:02.0062 3892  TDTCP - ok
11:58:02.0078 3892  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:58:02.0218 3892  TermDD - ok
11:58:02.0265 3892  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
11:58:02.0406 3892  TermService - ok
11:58:02.0421 3892  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:58:02.0453 3892  Themes - ok
11:58:02.0453 3892  TosIde - ok
11:58:02.0484 3892  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:58:02.0625 3892  TrkWks - ok
11:58:02.0671 3892  [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35          C:\WINDOWS\system32\DRIVERS\uagp35.sys
11:58:02.0796 3892  uagp35 - ok
11:58:02.0828 3892  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:58:02.0984 3892  Udfs - ok
11:58:02.0984 3892  ultra - ok
11:58:03.0015 3892  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:58:03.0171 3892  Update - ok
11:58:03.0218 3892  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:58:03.0359 3892  upnphost - ok
11:58:03.0390 3892  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
11:58:03.0531 3892  UPS - ok
11:58:03.0562 3892  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
11:58:03.0625 3892  USBAAPL - ok
11:58:03.0640 3892  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:58:03.0781 3892  usbccgp - ok
11:58:03.0812 3892  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:58:03.0937 3892  usbehci - ok
11:58:03.0968 3892  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:58:04.0109 3892  usbhub - ok
11:58:04.0140 3892  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:58:04.0281 3892  usbprint - ok
11:58:04.0312 3892  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:58:04.0453 3892  usbscan - ok
11:58:04.0468 3892  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:04.0625 3892  usbstor - ok
11:58:04.0640 3892  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:58:04.0765 3892  usbuhci - ok
11:58:04.0812 3892  [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:58:04.0953 3892  usb_rndisx - ok
11:58:04.0968 3892  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:58:05.0093 3892  VgaSave - ok
11:58:05.0140 3892  [ 22ADAFA1B08DC33B9402EBAFF85B67DE ] viagfx          C:\WINDOWS\system32\DRIVERS\vtmini.sys
11:58:05.0203 3892  viagfx - ok
11:58:05.0218 3892  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
11:58:05.0359 3892  ViaIde - ok
11:58:05.0375 3892  [ 0363E216E4EB5052969C96608934DBDE ] viamraid        C:\WINDOWS\system32\DRIVERS\viamraid.sys
11:58:05.0421 3892  viamraid - ok
11:58:05.0437 3892  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:58:05.0578 3892  VolSnap - ok
11:58:05.0625 3892  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
11:58:05.0765 3892  VSS - ok
11:58:05.0781 3892  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
11:58:05.0937 3892  W32Time - ok
11:58:05.0968 3892  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:58:06.0109 3892  Wanarp - ok
11:58:06.0125 3892  WDICA - ok
11:58:06.0140 3892  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:58:06.0281 3892  wdmaud - ok
11:58:06.0312 3892  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:58:06.0453 3892  WebClient - ok
11:58:06.0515 3892  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:58:06.0656 3892  winmgmt - ok
11:58:06.0703 3892  [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
11:58:06.0828 3892  WmdmPmSN - ok
11:58:06.0875 3892  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:58:07.0015 3892  WmiApSrv - ok
11:58:07.0062 3892  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:58:07.0203 3892  wscsvc - ok
11:58:07.0218 3892  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:58:07.0343 3892  WSTCODEC - ok
11:58:07.0375 3892  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:58:07.0500 3892  wuauserv - ok
11:58:07.0562 3892  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:58:07.0750 3892  WZCSVC - ok
11:58:07.0781 3892  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
11:58:07.0796 3892  x10nets ( UnsignedFile.Multi.Generic ) - warning
11:58:07.0796 3892  x10nets - detected UnsignedFile.Multi.Generic (1)
11:58:07.0828 3892  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:58:07.0968 3892  xmlprov - ok
11:58:08.0031 3892  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:58:08.0078 3892  YahooAUService - ok
11:58:08.0109 3892  ================ Scan global ===============================
11:58:08.0140 3892  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
11:58:08.0156 3892  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:58:08.0187 3892  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:58:08.0203 3892  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
11:58:08.0218 3892  [Global] - ok
11:58:08.0218 3892  ================ Scan MBR ==================================
11:58:08.0234 3892  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
11:58:08.0468 3892  \Device\Harddisk0\DR0 - ok
11:58:08.0484 3892  [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk1\DR12
11:58:16.0328 3892  \Device\Harddisk1\DR12 - ok
11:58:16.0328 3892  ================ Scan VBR ==================================
11:58:16.0343 3892  [ 320FAF8282FCA36F7D90FAA73A7A7167 ] \Device\Harddisk0\DR0\Partition1
11:58:16.0343 3892  \Device\Harddisk0\DR0\Partition1 - ok
11:58:16.0375 3892  [ 5D63AD087427F77AD5A9CBB26361C167 ] \Device\Harddisk0\DR0\Partition2
11:58:16.0375 3892  \Device\Harddisk0\DR0\Partition2 - ok
11:58:16.0390 3892  [ C27CB223B86B329426985A05EFB2BE85 ] \Device\Harddisk0\DR0\Partition3
11:58:16.0390 3892  \Device\Harddisk0\DR0\Partition3 - ok
11:58:16.0406 3892  [ B1A05779B75A3D358692EA0DA9149BFC ] \Device\Harddisk1\DR12\Partition1
11:58:16.0406 3892  \Device\Harddisk1\DR12\Partition1 - ok
11:58:16.0406 3892  ============================================================
11:58:16.0406 3892  Scan finished
11:58:16.0406 3892  ============================================================
11:58:16.0531 1052  Detected object count: 10
11:58:16.0531 1052  Actual detected object count: 10
11:59:09.0140 1052  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:09.0140 1052  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:59:09.0140 1052  CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:09.0140 1052  CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:59:09.0140 1052  CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:09.0140 1052  CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:59:09.0140 1052  CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:09.0140 1052  CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:59:09.0140 1052  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:09.0140 1052  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:59:09.0140 1052  FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:09.0140 1052  FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:59:09.0140 1052  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:09.0140 1052  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:59:09.0140 1052  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:09.0140 1052  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:59:09.0156 1052  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:09.0156 1052  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:59:09.0156 1052  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:09.0156 1052  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:59:26.0218 0516  Deinitialize success

cosinus · 30.01.2013, 12:05

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

micra · 30.01.2013, 12:49

Hier das Log vom adwCleander:

Code:

ATTFilter

# AdwCleaner v2.109 - Datei am 30/01/2013 um 12:46:57 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : XXX - XXX
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\XXX\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : ICQ Service

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Ordner Gefunden : C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\PriceGong
Ordner Gefunden : C:\Programme\Free Offers from Freeze.com
Ordner Gefunden : C:\Programme\ICQ6Toolbar
Ordner Gefunden : C:\Programme\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gefunden : HKU\S-1-5-21-1715567821-2077806209-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v12.0 (de)

Datei : C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.52

Datei : C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5423 octets] - [30/01/2013 12:46:57]

########## EOF - C:\AdwCleaner[R1].txt - [5483 octets] ##########

cosinus · 30.01.2013, 13:25

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

micra · 30.01.2013, 13:58

Das Log des adwCleaner nach dem Löschen:

Code:

ATTFilter

# AdwCleaner v2.109 - Datei am 30/01/2013 um 13:33:05 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : XXX - XXX
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\XXX\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : ICQ Service

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Ordner Gelöscht : C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\PriceGong
Ordner Gelöscht : C:\Programme\Free Offers from Freeze.com
Ordner Gelöscht : C:\Programme\ICQ6Toolbar
Ordner Gelöscht : C:\Programme\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (de)

Datei : C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.52

Datei : C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5552 octets] - [30/01/2013 12:46:57]
AdwCleaner[S1].txt - [5407 octets] - [30/01/2013 13:33:05]

########## EOF - C:\AdwCleaner[S1].txt - [5467 octets] ##########

Und hier die LogFiles nach dem OLT-Durchlauf:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 30.01.2013 13:42:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\XXX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
446,48 Mb Total Physical Memory | 99,02 Mb Available Physical Memory | 22,18% Memory free
1,03 Gb Paging File | 0,55 Gb Available in Paging File | 53,68% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,54 Gb Total Space | 37,35 Gb Free Space | 50,10% Space Free | Partition Type: NTFS
Drive D: | 66,62 Gb Total Space | 63,06 Gb Free Space | 94,65% Space Free | Partition Type: NTFS
Drive E: | 7,87 Gb Total Space | 3,64 Gb Free Space | 46,18% Space Free | Partition Type: FAT32
Drive F: | 3,72 Gb Total Space | 3,64 Gb Free Space | 98,07% Space Free | Partition Type: FAT32
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Programme\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Programme\MyTomTom 3\QtGui4.dll ()
MOD - C:\Programme\MyTomTom 3\QtXmlPatterns4.dll ()
MOD - C:\Programme\MyTomTom 3\QtCore4.dll ()
MOD - C:\Programme\MyTomTom 3\QtNetwork4.dll ()
MOD - C:\Programme\MyTomTom 3\QtXml4.dll ()
MOD - C:\Programme\ICQ7.1\MDb.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\MSDvbNP.ax ()
MOD - C:\WINDOWS\system32\PsisRndr.ax ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSQLDBRec4.dll ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()
MOD - C:\WINDOWS\system32\_psisdecd.dll ()
MOD - C:\Programme\VIA\RAID\drvInterface.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (CLSched) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.11 09:58:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.24 14:15:08 | 000,000,000 | ---D | M]
 
[2010.04.05 09:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions
[2013.01.26 15:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\extensions
[2012.03.07 10:06:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\DqlGaxTQsQsrfNVLOL
[2013.01.22 13:25:39 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\fDrUrUvsJtAQAuENo
[2012.08.13 15:45:45 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\gygLOngloDEsyey
[2011.12.03 10:47:09 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\LgfOfuxQGyvqXLXLG
[2011.11.20 09:50:34 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\sntlslfafTvdJA
[2012.04.05 15:38:01 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\vxJxjQAuENoNTLaUsde
[2010.04.05 14:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.11 09:58:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.08.11 09:57:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.11 09:57:51 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.08.11 09:57:51 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.11 09:57:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.11 09:57:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.11 09:57:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Programme\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [0802E594] C:\Dokumente und Einstellungen\XXX\Qlqlqli\vfvrycmx.exe ()
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [ICQ] C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [jnjlycmx] C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Temp\Yoah\dkrfycmx.exe ()
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [MyTomTomSA.exe] C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [Oplyl] "C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Wafuux\keym.exe" File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270451854636 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.05 08:11:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.29 16:21:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013.01.28 15:02:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe
[2013.01.26 16:17:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes
[2013.01.26 16:17:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.26 16:17:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.26 16:17:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.26 16:17:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.24 13:23:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Qlqlqli
[2013.01.23 17:19:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Ycfes
[2013.01.23 17:19:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Xavoew
[2013.01.23 17:19:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Wafuux
[2013.01.21 17:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2013.01.21 17:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Apple Computer
[2013.01.21 17:18:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.01.21 17:17:44 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.01.21 17:17:31 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.01.21 17:17:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2013.01.21 17:17:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.21 17:16:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Apple
[2013.01.21 17:16:49 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2013.01.21 17:16:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer
[2013.01.21 17:16:15 | 005,989,776 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2013.01.21 17:15:47 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2013.01.21 17:15:06 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2013.01.21 17:15:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2013.01.16 16:27:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Google
[2013.01.16 16:26:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2013.01.16 16:25:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.30 13:35:17 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.30 13:35:17 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2013.01.30 13:35:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.30 13:29:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.30 12:45:36 | 000,580,235 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\adwcleaner.exe
[2013.01.28 15:01:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe
[2013.01.28 14:52:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.26 16:17:26 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.21 17:18:41 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.01.21 17:16:57 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.20 09:06:51 | 000,391,000 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.20 09:06:51 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.20 09:06:51 | 000,063,580 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.20 09:06:51 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.16 16:26:53 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2013.01.16 16:25:21 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.01.11 14:29:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.09 16:07:14 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.30 12:46:44 | 000,580,235 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\adwcleaner.exe
[2013.01.26 16:17:26 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.21 17:18:41 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.01.21 17:16:56 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.21 17:16:50 | 000,001,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk
[2013.01.16 16:26:53 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2013.01.16 16:25:21 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.01.16 16:24:32 | 000,001,088 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.16 16:24:32 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.22 20:45:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.15 15:33:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.12.11 19:47:37 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\$_hpcst$.hpc
[2010.04.05 15:07:22 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.04.05 15:05:28 | 000,025,088 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1601.02.13 09:28:18 | 000,036,132 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\pvqayToloDOngLJyvlVD
[1601.02.13 09:28:18 | 000,002,044 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\NELsLedJdfuVQA
[1601.02.13 09:28:18 | 000,000,748 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NdQUueUsdaxTxAaAaLl
[1601.02.13 09:28:18 | 000,000,154 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\jXsApjNEroxNGrd
 
========== ZeroAccess Check ==========
 
[2010.04.05 15:06:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.03.10 05:33:52 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 30.01.2013 13:42:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\XXX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
446,48 Mb Total Physical Memory | 99,02 Mb Available Physical Memory | 22,18% Memory free
1,03 Gb Paging File | 0,55 Gb Available in Paging File | 53,68% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,54 Gb Total Space | 37,35 Gb Free Space | 50,10% Space Free | Partition Type: NTFS
Drive D: | 66,62 Gb Total Space | 63,06 Gb Free Space | 94,65% Space Free | Partition Type: NTFS
Drive E: | 7,87 Gb Total Space | 3,64 Gb Free Space | 46,18% Space Free | Partition Type: FAT32
Drive F: | 3,72 Gb Total Space | 3,64 Gb Free Space | 98,07% Space Free | Partition Type: FAT32
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1715567821-2077806209-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{247A11CA-F5CE-4DD6-85E2-64850E64E064}" = USB2.0 CARD READER
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro Trial
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10 Free Edition
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FinalMediaPlayer_is1" = Final Media Player 2010
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LetsTrade" = LetsTrade Komponenten
"MAGIX music maker SE" = MAGIX music maker SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"medionmusic-manager gold" = medionmusic-manager gold
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PCConfidential_is1" = PC Confidential 2008
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1715567821-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.01.2013 11:33:12 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
[ System Events ]
Error - 29.01.2013 11:55:35 | Computer Name = XXX | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000007, 2. Parameter 00000cd4,
 3. Parameter 8400cd88, 4. Parameter 8055b940.
 
Error - 29.01.2013 12:05:11 | Computer Name = XXX | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000007, 2. Parameter 00000cd4,
 3. Parameter 840d8a08, 4. Parameter 8055b928.
 
Error - 29.01.2013 12:26:13 | Computer Name = XXX | Source = System Error | ID = 1003
Description = Fehlercode 1000000a, 1. Parameter c05d4000, 2. Parameter 00000002,
 3. Parameter 00000001, 4. Parameter 80542090.
 
Error - 30.01.2013 01:42:24 | Computer Name = XXX | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
Error - 30.01.2013 06:54:22 | Computer Name = XXX | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
Error - 30.01.2013 08:30:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
Error - 30.01.2013 08:31:59 | Computer Name = XXX | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "gupdate"
 mit den Argumenten "/comsvc"  gestartet wurde, um den folgenden Server zu verwenden:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error - 30.01.2013 08:32:00 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update-Dienst (gupdate).
 
Error - 30.01.2013 08:32:00 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 30.01.2013 08:38:15 | Computer Name = XXX | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
 
< End of report >

--- --- ---

cosinus · 30.01.2013, 15:09

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
[2012.03.07 10:06:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\DqlGaxTQsQsrfNVLOL
[2013.01.22 13:25:39 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\fDrUrUvsJtAQAuENo
[2012.08.13 15:45:45 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\gygLOngloDEsyey
[2011.12.03 10:47:09 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\LgfOfuxQGyvqXLXLG
[2011.11.20 09:50:34 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\sntlslfafTvdJA
[2012.04.05 15:38:01 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\vxJxjQAuENoNTLaUsde
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [0802E594] C:\Dokumente und Einstellungen\XXX\Qlqlqli\vfvrycmx.exe ()
:Files
C:\Dokumente und Einstellungen\XXX\Qlqlqli
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Ycfes
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Xavoew
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Wafuux
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\pvqayToloDOngLJyvlVD
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\NELsLedJdfuVQA
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NdQUueUsdaxTxAaAaLl
C:\Dokumente und Einstellungen\XXX\jXsApjNEroxNGrd
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

micra · 30.01.2013, 16:01

Hier das OTL Fix Log-File

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\DqlGaxTQsQsrfNVLOL moved successfully.
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\fDrUrUvsJtAQAuENo moved successfully.
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\gygLOngloDEsyey moved successfully.
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\LgfOfuxQGyvqXLXLG moved successfully.
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\sntlslfafTvdJA moved successfully.
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\searchplugins\vxJxjQAuENoNTLaUsde moved successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\0802E594 deleted successfully.
C:\Dokumente und Einstellungen\XXX\Qlqlqli\vfvrycmx.exe moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\XXX\Qlqlqli folder moved successfully.
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Ycfes folder moved successfully.
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Xavoew folder moved successfully.
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Wafuux folder moved successfully.
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\pvqayToloDOngLJyvlVD moved successfully.
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\NELsLedJdfuVQA moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NdQUueUsdaxTxAaAaLl moved successfully.
C:\Dokumente und Einstellungen\XXX\jXsApjNEroxNGrd moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\XXX\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\XXX\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: XXX
->Temp folder emptied: 453281006 bytes
->Temporary Internet Files folder emptied: 63222972 bytes
->Java cache emptied: 10949258 bytes
->FireFox cache emptied: 823428476 bytes
->Google Chrome cache emptied: 19428466 bytes
->Flash cache emptied: 3128217 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 430569941 bytes
RecycleBin emptied: 2649217598 bytes
 
Total Files Cleaned = 4.249,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01302013_154828

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 30.01.2013, 16:02

Eine neue Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

micra · 30.01.2013, 16:40

Hier die Logs des Re-Scans.
OTL.txt:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 30.01.2013 16:07:58 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\XXX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
446,48 Mb Total Physical Memory | 232,13 Mb Available Physical Memory | 51,99% Memory free
1,03 Gb Paging File | 0,57 Gb Available in Paging File | 55,54% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,54 Gb Total Space | 41,44 Gb Free Space | 55,60% Space Free | Partition Type: NTFS
Drive D: | 66,62 Gb Total Space | 63,06 Gb Free Space | 94,65% Space Free | Partition Type: NTFS
Drive E: | 7,87 Gb Total Space | 3,64 Gb Free Space | 46,18% Space Free | Partition Type: FAT32
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Programme\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Programme\MyTomTom 3\QtGui4.dll ()
MOD - C:\Programme\MyTomTom 3\QtXmlPatterns4.dll ()
MOD - C:\Programme\MyTomTom 3\QtCore4.dll ()
MOD - C:\Programme\MyTomTom 3\QtNetwork4.dll ()
MOD - C:\Programme\MyTomTom 3\QtXml4.dll ()
MOD - C:\Programme\ICQ7.1\MDb.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\MSDvbNP.ax ()
MOD - C:\WINDOWS\system32\PsisRndr.ax ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSQLDBRec4.dll ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()
MOD - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()
MOD - C:\WINDOWS\system32\_psisdecd.dll ()
MOD - C:\Programme\VIA\RAID\drvInterface.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (CLSched) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.11 09:58:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.24 14:15:08 | 000,000,000 | ---D | M]
 
[2010.04.05 09:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions
[2013.01.26 15:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\gep8hnjt.default\extensions
[2010.04.05 14:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.11 09:58:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.08.11 09:57:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.11 09:57:51 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.08.11 09:57:51 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.11 09:57:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.11 09:57:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.11 09:57:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013.01.30 15:53:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Programme\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [ICQ] C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [jnjlycmx] C:\DOKUME~1\XXX\LOKALE~1\Temp\Yoah\dkrfycmx.exe File not found
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [MyTomTomSA.exe] C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [Oplyl] "C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Wafuux\keym.exe" File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270451854636 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.05 08:11:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.30 15:48:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.29 16:21:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013.01.28 15:02:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe
[2013.01.26 16:17:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes
[2013.01.26 16:17:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.26 16:17:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.26 16:17:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.26 16:17:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.21 17:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2013.01.21 17:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Apple Computer
[2013.01.21 17:18:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.01.21 17:17:44 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.01.21 17:17:31 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.01.21 17:17:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2013.01.21 17:17:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.21 17:16:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Apple
[2013.01.21 17:16:49 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2013.01.21 17:16:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer
[2013.01.21 17:16:15 | 005,989,776 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2013.01.21 17:15:47 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2013.01.21 17:15:06 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2013.01.21 17:15:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2013.01.16 16:27:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Google
[2013.01.16 16:26:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2013.01.16 16:25:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.30 15:54:19 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.30 15:54:19 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2013.01.30 15:54:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.30 15:53:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013.01.30 13:29:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.30 12:45:36 | 000,580,235 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\adwcleaner.exe
[2013.01.28 15:01:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe
[2013.01.28 14:52:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.26 16:17:26 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.21 17:18:41 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.01.21 17:16:57 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.20 09:06:51 | 000,391,000 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.20 09:06:51 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.20 09:06:51 | 000,063,580 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.20 09:06:51 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.16 16:26:53 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2013.01.16 16:25:21 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.01.11 14:29:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.09 16:07:14 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
 
========== Files Created - No Company Name ==========
 
[2013.01.30 12:46:44 | 000,580,235 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\adwcleaner.exe
[2013.01.26 16:17:26 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.21 17:18:41 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.01.21 17:16:56 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.21 17:16:50 | 000,001,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk
[2013.01.16 16:26:53 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2013.01.16 16:25:21 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.01.16 16:24:32 | 000,001,088 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.16 16:24:32 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.22 20:45:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.15 15:33:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.12.11 19:47:37 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\$_hpcst$.hpc
[2010.04.05 15:07:22 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.04.05 15:05:28 | 000,025,088 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010.04.05 15:06:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.03.10 05:33:52 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---

Extra.txt:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 30.01.2013 16:07:58 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\XXX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
446,48 Mb Total Physical Memory | 232,13 Mb Available Physical Memory | 51,99% Memory free
1,03 Gb Paging File | 0,57 Gb Available in Paging File | 55,54% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,54 Gb Total Space | 41,44 Gb Free Space | 55,60% Space Free | Partition Type: NTFS
Drive D: | 66,62 Gb Total Space | 63,06 Gb Free Space | 94,65% Space Free | Partition Type: NTFS
Drive E: | 7,87 Gb Total Space | 3,64 Gb Free Space | 46,18% Space Free | Partition Type: FAT32
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1715567821-2077806209-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{247A11CA-F5CE-4DD6-85E2-64850E64E064}" = USB2.0 CARD READER
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro Trial
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10 Free Edition
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FinalMediaPlayer_is1" = Final Media Player 2010
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LetsTrade" = LetsTrade Komponenten
"MAGIX music maker SE" = MAGIX music maker SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"medionmusic-manager gold" = medionmusic-manager gold
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PCConfidential_is1" = PC Confidential 2008
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1715567821-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.01.2013 11:33:12 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
[ System Events ]
Error - 30.01.2013 10:48:29 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.01.2013 10:48:29 | Computer Name = XXX | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 30.01.2013 10:48:29 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink Background Capture Service (CBCS)" wurde unerwartet
 beendet. Dies ist bereits 1 Mal passiert.
 
Error - 30.01.2013 10:48:30 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink Media Library Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 30.01.2013 10:48:30 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = Dienst "FsUsbExService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.01.2013 10:48:31 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 30.01.2013 10:48:31 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = Dienst "X10 Device Network Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 30.01.2013 10:48:31 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = Dienst "Yahoo! Updater" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.01.2013 10:48:32 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink Task Scheduler (CTS)" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 30.01.2013 10:48:32 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
 
< End of report >

--- --- ---

cosinus · 30.01.2013, 16:44

Eine Winzigkeit hab ich übersehen

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [jnjlycmx] C:\DOKUME~1\XXX\LOKALE~1\Temp\Yoah\dkrfycmx.exe File not found
O4 - HKU\S-1-5-21-1715567821-2077806209-725345543-1004..\Run: [Oplyl] "C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Wafuux\keym.exe" File not found
:Files
C:\DOKUME~1\XXX\LOKALE~1\Temp\Yoah
C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Wafuux\keym.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

29.01.2013, 15:31	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizeitrojaner mit Verschlüsselung entfernen Du hast das alte MBAR benutzt. Lade bitte das aktuelle MBAR von hier runter => http://downloads.malwarebytes.org/file/mbar Und vor dem Scan die Signaturen aktualisieren lassen __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizeitrojaner mit Verschlüsselung entfernen

Plagegeister aller Art und deren Bekämpfung: Bundespolizeitrojaner mit Verschlüsselung entfernen