foxtab pdf converte II

nuukies · 23.02.2011, 15:14

Hallo,
ich habe dasselbe Problem wie der Forist in diesem Thread:
http://www.trojaner-board.de/95807-f...converter.html

- Programm runtergeladen (FoxTabPDFConverter)
- es läßt sich nicht aus der Systemsteuerung entfernen (= deinstallieren), Windows hat es selber aus der Liste gelöscht (nachdem die deinstallation von dort nicht erfolgreich war), der Ordner (FoxTabPDFConverter) ist allerdings noch da (samt gesamtem Inhalt). Wie also deinstalliere ich das Programm?
- Auch hier tauchte eine Toolbar "Babylon" auf, die ich deinstallieren konnte.

Was tun?
Ich habe die geforderten Log Files von dem Helfer aus dem oben genannten thread bereits erstellt, werde sie hier rein pasten, danke im voraus!

Gruß
Holger

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.02.2011 15:07:38 - Run 1
OTL by OldTimer - Version 3.2.21.0     Folder = C:\Users\Holger\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,54 Gb Total Space | 354,43 Gb Free Space | 78,15% Space Free | Partition Type: NTFS
Drive D: | 12,12 Gb Total Space | 1,70 Gb Free Space | 14,05% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.02.23 15:06:16 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Holger\Downloads\OTL.exe
PRC - [2011.02.10 04:14:59 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Users\Holger\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2011.02.08 13:55:04 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.02.08 13:54:57 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.12.09 14:06:23 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.04 10:53:35 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.04.03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.08.25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008.11.21 15:22:32 | 006,657,896 | ---- | M] (Ritlabs S.R.L.) -- C:\Program Files (x86)\The Bat!\thebat.exe
PRC - [2008.11.20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.02.23 15:06:16 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Holger\Downloads\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.06.29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.02.08 13:54:57 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.12.09 14:06:23 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.04 10:53:35 | 000,135,336 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 22:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.12.03 02:04:35 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2010.11.22 22:40:29 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.09.23 08:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.09.13 13:24:01 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.01.28 15:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.10 12:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.11.10 12:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.11.10 12:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.30 18:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.02.04 15:27:14 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010.02.17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010.02.17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b054b5b900000000000000259cf4e0b1&tlver=1.4.19.19&affID=17162
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=b054b5b900000000000000259cf4e0b1&tlver=1.4.19.19&affID=17162
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[2010.12.18 17:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.20 01:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.02.23 14:26:15 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Easybits Recovery]  File not found
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [thebat_startup] C:\Program Files (x86)\The Bat!\thebat.exe (Ritlabs S.R.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.23 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\SUPERAntiSpyware.com
[2011.02.23 15:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.02.23 15:04:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\AppLogs
[2011.02.23 15:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.02.23 15:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.02.23 15:04:01 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.02.23 14:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxTabPDFConverter
[2011.02.23 13:26:37 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 13:26:37 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 13:26:37 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 13:26:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.18 15:53:47 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011.02.10 14:41:44 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2011.02.10 14:41:42 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2011.02.09 16:16:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.09 16:16:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.09 16:16:17 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.09 16:16:17 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.09 16:16:17 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.09 16:16:17 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.09 16:16:17 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.09 16:16:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.09 16:16:17 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.09 16:16:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.09 16:16:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.09 16:16:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.09 16:16:07 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.09 16:16:07 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.09 16:16:06 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.09 16:16:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.09 16:16:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.09 16:16:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.09 16:16:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.09 16:16:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.09 16:16:04 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.09 16:16:02 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.09 16:16:02 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.09 16:16:00 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.09 16:16:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.09 16:16:00 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.09 16:15:56 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.09 16:15:55 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.09 16:15:55 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.09 16:15:55 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.09 16:15:53 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.09 16:15:53 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.09 16:15:53 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.09 16:15:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.03 02:50:57 | 000,000,000 | ---D | C] -- C:\Users\Holger\Documents\Founds
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.23 15:04:02 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.02.23 15:03:42 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011.02.23 15:03:42 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011.02.23 15:03:42 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011.02.23 15:03:42 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011.02.23 14:57:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.23 14:57:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.23 14:52:39 | 000,863,187 | ---- | M] () -- C:\Users\Holger\Desktop\Praktikum hollibolli.pdf
[2011.02.23 14:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.23 14:49:38 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.23 14:47:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141555928-2508303228-2713433640-1001UA.job
[2011.02.23 14:30:04 | 000,087,203 | ---- | M] () -- C:\Users\Holger\Desktop\Anschreiben und Lebenslauf.pdf
[2011.02.22 22:47:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141555928-2508303228-2713433640-1001Core.job
[2011.02.21 18:00:46 | 000,845,751 | ---- | M] () -- C:\Users\Holger\Desktop\Einleitung Praktikum.pdf
[2011.02.21 17:57:35 | 000,014,220 | ---- | M] () -- C:\Users\Holger\Desktop\Merkblatt_Befristete_Besch._04_2009.pdf
[2011.02.21 17:57:29 | 000,638,580 | ---- | M] () -- C:\Users\Holger\Desktop\Personalbogen_mit_Besoldungsfragebogen_07_2008.pdf
[2011.02.20 22:08:14 | 010,655,744 | ---- | M] () -- C:\Users\Holger\Desktop\Einleitung Praktikum.doc
[2011.02.20 12:45:55 | 000,013,640 | ---- | M] () -- C:\Users\Holger\Desktop\Großes Zimmer in 3er WG.odt
[2011.02.18 15:53:47 | 000,000,684 | ---- | M] () -- C:\Users\Holger\Desktop\Fraps.lnk
[2011.02.14 17:04:37 | 000,145,463 | ---- | M] () -- C:\Users\Holger\Desktop\CV.pdf
[2011.02.14 17:04:27 | 000,078,138 | ---- | M] () -- C:\Users\Holger\Desktop\Anschreiben.pdf
[2011.02.13 22:18:27 | 000,565,305 | ---- | M] () -- C:\Users\Holger\Desktop\Einladung zur Doktorfeier.pdf
[2011.02.10 14:41:44 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2011.02.10 14:41:42 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2011.02.10 11:05:05 | 000,361,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 19:58:19 | 000,084,529 | ---- | M] () -- C:\Users\Holger\Desktop\Ausschreibung für Career Center.pdf
[2011.01.30 19:00:44 | 000,128,000 | ---- | M] () -- C:\Users\Holger\Documents\Haushalt.xls
[2011.01.26 07:53:10 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.26 07:31:20 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
 
========== Files Created - No Company Name ==========
 
[2011.02.23 15:04:02 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.02.23 14:52:39 | 000,863,187 | ---- | C] () -- C:\Users\Holger\Desktop\Praktikum hollibolli.pdf
[2011.02.23 14:37:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011.02.23 14:37:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011.02.23 14:37:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011.02.23 14:37:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011.02.23 14:30:04 | 000,087,203 | ---- | C] () -- C:\Users\Holger\Desktop\Anschreiben und Lebenslauf.pdf
[2011.02.21 17:57:35 | 000,014,220 | ---- | C] () -- C:\Users\Holger\Desktop\Merkblatt_Befristete_Besch._04_2009.pdf
[2011.02.21 17:57:29 | 000,638,580 | ---- | C] () -- C:\Users\Holger\Desktop\Personalbogen_mit_Besoldungsfragebogen_07_2008.pdf
[2011.02.20 20:29:10 | 010,655,744 | ---- | C] () -- C:\Users\Holger\Desktop\Einleitung Praktikum.doc
[2011.02.18 15:53:47 | 000,000,684 | ---- | C] () -- C:\Users\Holger\Desktop\Fraps.lnk
[2011.02.14 17:04:37 | 000,145,463 | ---- | C] () -- C:\Users\Holger\Desktop\CV.pdf
[2011.02.14 17:04:27 | 000,078,138 | ---- | C] () -- C:\Users\Holger\Desktop\Anschreiben.pdf
[2011.02.13 22:18:27 | 000,565,305 | ---- | C] () -- C:\Users\Holger\Desktop\Einladung zur Doktorfeier.pdf
[2011.02.08 14:19:55 | 000,013,640 | ---- | C] () -- C:\Users\Holger\Desktop\Großes Zimmer in 3er WG.odt
[2011.02.06 23:13:03 | 000,845,751 | ---- | C] () -- C:\Users\Holger\Desktop\Einleitung Praktikum.pdf
[2011.02.02 19:58:19 | 000,084,529 | ---- | C] () -- C:\Users\Holger\Desktop\Ausschreibung für Career Center.pdf
[2010.12.03 02:13:44 | 000,002,110 | ---- | C] () -- C:\Users\Holger\AppData\Roaming\ex_log.txt
[2010.11.29 00:21:24 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010.06.16 15:22:23 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll
[2010.06.16 15:22:23 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.16 15:22:23 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.05.03 21:14:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.25 21:49:38 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.25 21:49:38 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.04.22 19:31:32 | 000,003,348 | ---- | C] () -- C:\Users\Holger\AppData\Roaming\wklnhst.dat
[2009.09.29 15:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.12.23 01:00:22 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\Amazon
[2011.01.19 16:20:32 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\AnvSoft
[2011.02.18 15:29:25 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\IrfanView
[2010.05.17 23:15:37 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\JabRef 2.6
[2010.04.23 01:13:46 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\Leadertech
[2010.05.04 21:08:11 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\Miranda
[2011.02.23 14:47:32 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\NCH Swift Sound
[2010.04.24 12:15:18 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\Octoshape
[2011.01.13 02:09:20 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\OpenOffice.org
[2011.01.14 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\TeamViewer
[2010.04.22 19:31:34 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\Template
[2011.02.23 15:03:35 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\The Bat!
[2010.09.22 16:21:35 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\WinBatch
[2011.02.14 17:04:08 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\WinEdt
[2011.02.23 15:03:42 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2011.02.23 15:03:42 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2011.02.23 15:03:42 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2011.02.23 15:03:42 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2010.11.29 18:57:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.02.2011 15:07:38 - Run 1
OTL by OldTimer - Version 3.2.21.0     Folder = C:\Users\Holger\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,54 Gb Total Space | 354,43 Gb Free Space | 78,15% Space Free | Partition Type: NTFS
Drive D: | 12,12 Gb Total Space | 1,70 Gb Free Space | 14,05% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Holger\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SP6" = Logitech SetPoint 6.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 23
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}" = Brother MFL-Pro Suite DCP-130C
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CA796D95-C706-4BB9-BDDE-FF228D13D28A}" = Livestream Procaster
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DD73C158-06C4-453A-868C-652C41F11A6D}" = TheBat! Home v4.0.38
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.1.7
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EADM" = EA Download Manager
"Fraps" = Fraps (remove only)
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"HP Remote Solution" = HP Remote Solution
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.8.27
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF Creator" = PDF Creator (Remove Only)
"Picasa 3" = Picasa 3
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VideoPad" = VideoPad Video Editor
"Vsk5Online_is1" = Vsk5Online
"Warcraft III" = Warcraft III
"WinEdt_is1" = WinEdt
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"sc11-CH_TSR" = Ski Challenge 11 (TSR)
"Warcraft III" = Warcraft III: All Products
"WTRC 2011 Course Pack" = WTRC 2011 Course Pack
"WTRC2011CoursePack for VSK5 Online" = WTRC2011CoursePack for VSK5 Online
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

nuukies · 23.02.2011, 16:56

Und hier das log file vom SUPERAntiSpyware:

Zitat:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/23/2011 at 04:53 PM

Application Version : 4.49.1000

Core Rules Database Version : 6455
Trace Rules Database Version: 4267

Scan type : Complete Scan
Total Scan Time : 01:35:29

Memory items scanned : 631
Memory threats detected : 0
Registry items scanned : 13535
Registry threats detected : 0
File items scanned : 233909
File threats detected : 21

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\holger@ad.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\holger@doubleclick[2].txt
adserv.quality-channel.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
akamai.smartadserver.com [ C:\Users\***r\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
bc.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
cdn1.eyewonder.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
cdn5.specificclick.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
imagesrv.adition.com [ C:\Users\***r\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
kunden.wundermedia.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
media-dl.ptc.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
media.fragster.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
media.kyte.tv [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
media.mtvnservices.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
media.scanscout.com [ C:\Users\Holger\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
media.vmixcore.com [ C:\Users\Holger\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
media1.break.com [ C:\Users\Holger\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
s0.2mdn.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
secure-us.imrworldwide.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
static.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
www.99counters.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]
www.ardmediathek.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YW443GYY ]

cosinus · 23.02.2011, 17:01

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

nuukies · 23.02.2011, 17:16

Zitat:

Zitat von cosinus

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Das Programm läuft gerade durch. Werde es bald hier posten!

nuukies · 23.02.2011, 17:58

et voila:
Danke für die Hilfe bereits im voraus:

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5852

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.02.2011 17:55:00
mbam-log-2011-02-23 (17-55-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 386474
Laufzeit: 47 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Holger\AppData\Local\Google\Chrome\user data\Default\Cache\f_001422 (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Holger\AppData\Local\Temp\icreinstall\pdfconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Holger\downloads\pdfconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

cosinus · 23.02.2011, 18:59

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.

nuukies · 23.02.2011, 19:06

nope, ich habe das Programm erst heute installiert und es befindet sich nur eine Log Datei in dem Reiter.

Holger

cosinus · 23.02.2011, 19:08

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

nuukies · 23.02.2011, 19:30

Here we go:
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-02-23.01 - Holger 23.02.2011  19:16:22.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4095.2716 [GMT 1:00]
ausgeführt von:: c:\users\Holger\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\program files (x86)\The Bat!\thebat.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-23 bis 2011-02-23  ))))))))))))))))))))))))))))))
.

2011-02-23 18:20 . 2011-02-23 18:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-23 17:58 . 2011-02-23 17:59	--------	d-----w-	c:\program files\Autoruns
2011-02-23 17:57 . 2011-02-23 17:57	--------	d-----w-	c:\program files\Defraggler
2011-02-23 17:10 . 2011-02-23 17:10	--------	d-----w-	c:\users\Holger\AppData\Roaming\Foxit Software
2011-02-23 17:10 . 2011-02-23 17:10	--------	d-----w-	c:\users\Holger\AppData\Roaming\Foxit
2011-02-23 17:10 . 2011-02-23 17:10	--------	d-----w-	c:\program files (x86)\Foxit Software
2011-02-23 16:59 . 2011-02-23 16:59	--------	d-----w-	c:\program files\CCleaner
2011-02-23 15:56 . 2011-02-23 15:56	--------	d-----w-	c:\users\Holger\AppData\Roaming\Malwarebytes
2011-02-23 15:55 . 2010-12-20 17:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-23 15:55 . 2011-02-23 15:55	--------	d-----w-	c:\programdata\Malwarebytes
2011-02-23 15:55 . 2011-02-23 15:55	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-23 15:55 . 2010-12-20 17:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-02-23 14:04 . 2011-02-23 14:04	--------	d-----w-	c:\users\Holger\AppData\Roaming\SUPERAntiSpyware.com
2011-02-23 14:04 . 2011-02-23 14:04	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-02-23 14:04 . 2011-02-23 14:04	--------	d-----w-	c:\windows\system32\AppLogs
2011-02-23 14:04 . 2011-02-23 14:04	--------	d-----w-	c:\programdata\!SASCORE
2011-02-23 14:04 . 2011-02-23 14:04	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-02-23 13:31 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-02-23 13:31 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-02-23 13:25 . 2011-02-23 13:26	--------	d-----w-	c:\program files (x86)\FoxTabPDFConverter
2011-02-23 12:26 . 2011-01-07 08:07	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2011-02-23 12:26 . 2011-01-07 08:07	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-23 12:26 . 2011-01-07 07:31	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-02-23 12:26 . 2011-01-07 07:31	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 10:20 . 2011-01-13 10:20	7844688	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF37D44B-BCF1-48D5-B1E8-1CB2A8466C57}\mpengine.dll
2011-02-10 13:41 . 2011-02-10 13:41	86016	----a-w-	c:\windows\SysWow64\frapsvid.dll
2011-02-10 13:41 . 2011-02-10 13:41	84992	----a-w-	c:\windows\system32\frapsv64.dll
2011-02-09 15:15 . 2010-10-27 05:18	5510528	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-02-09 15:15 . 2010-10-27 05:16	1739176	----a-w-	c:\windows\system32\ntdll.dll
2011-02-09 15:15 . 2010-10-27 04:43	3901824	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-02-09 15:15 . 2010-10-27 04:43	3957120	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-02-09 15:15 . 2010-10-27 04:40	1293120	----a-w-	c:\windows\SysWow64\ntdll.dll
2011-02-09 15:15 . 2011-01-07 08:06	46080	----a-w-	c:\windows\system32\atmlib.dll
2011-02-09 15:15 . 2011-01-07 07:27	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-02-09 15:15 . 2011-01-07 05:49	366080	----a-w-	c:\windows\system32\atmfd.dll
2011-02-09 15:15 . 2011-01-07 05:33	294400	----a-w-	c:\windows\SysWow64\atmfd.dll
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 02:03 . 2010-12-03 12:43	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-12-03 01:04 . 2010-12-03 01:04	49752	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-12-02 03:35 . 2010-12-02 03:35	4280320	----a-w-	c:\windows\SysWow64\GPhotos.scr
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 69152]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-12-03 49752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-02-08 1405384]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
S3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2010-09-13 1101600]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners

2011-02-23 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 12:55]

2011-02-23 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 12:55]

2011-02-23 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 12:55]

2011-02-23 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 12:55]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1141555928-2508303228-2713433640-1001Core.job
- c:\users\Holger\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-22 21:42]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1141555928-2508303228-2713433640-1001UA.job
- c:\users\Holger\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-22 21:42]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=b054b5b900000000000000259cf4e0b1&tlver=1.4.19.19&affID=17162
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\Office10\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{c44f9e21-d93f-490c-b41c-b3548bdd19fc} - (no file)
Wow6432Node-HKCU-Run-thebat_startup - c:\program files (x86)\The Bat!\thebat.exe
WebBrowser-{C44F9E21-D93F-490C-B41C-B3548BDD19FC} - (no file)
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
AddRemove-WTRC 2011 Course Pack - c:\users\Holger\Documents\VSK5Online\Tracks\Challenges\$f00WTRC $09d2011\Uninstal.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1141555928-2508303228-2713433640-1001\Software\SecuROM\License information*]
"datasecu"=hex:9a,d1,8f,7a,9e,96,df,43,e6,58,7d,7b,00,c8,59,12,b3,62,21,1d,98,
   d1,88,cf,4c,5d,72,2e,94,02,4c,de,d6,7f,3d,af,b0,1f,c3,e3,d8,e0,bf,42,dc,ae,\
"rkeysecu"=hex:96,34,07,b8,9c,b8,f9,a8,b8,e0,50,75,16,b6,3f,9a

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-23  19:25:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-02-23 18:25

Vor Suchlauf: 9 Verzeichnis(se), 384.979.218.432 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 384.861.061.120 Bytes frei

- - End Of File - - 0BF4342C222080AF2BDAF190E87A7577

--- --- ---
Allerdings: Nach dem Neustart kam folgende Fehlermeldung (dich ich wegklicken musste und das Programm öffnen musste um den folgenden Screenshort zu machen, ich hoffe es gibt deswegen kein Problem

nuukies · 23.02.2011, 19:48

vielleicht hilft es bei der Hilfe:

Log File von Ad Aware (hat auch einen Befund gefunden)

Zitat:

Logfile created: 23.02.2011 19:41:47
Ad-Aware version: 9.0.2
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: ***

*********************** Definitions database information ***********************
Lavasoft definition file: 150.291
Genotype definition file version: 2011/02/22 17:00:23
Extended engine definition file: 8511.0

******************************** Scan results: *********************************
Scan profile name: Intelligenter Scan (ID: smart)
Objects scanned: 32521
Objects detected: 1

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

Quarantined items:
Description: c:\users\***\documents\vsk5online\tracks\challenges\tr\wtrc\$f00wtrc $09d2011\uninstal.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 03094cbf4544d91676b2d4ea4afa393b

Scan and cleaning complete: Finished correctly after 244 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Intelligenter Scan
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: strict, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Fri Dec 03 02:04:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Fri Dec 03 08:04:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Fri Dec 03 14:04:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Fri Dec 03 20:04:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Dec 03 02:04:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true

****************************** System information ******************************
Computer name: ***
Processor name: AMD Athlon(tm) II X2 215 Processor
Processor identifier: AMD64 Family 16 Model 6 Stepping 2
Processor speed: ~2712MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 16, processor revision 1538, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
Physical memory available: 2828087296 bytes
Physical memory total: 4294238208 bytes
Virtual memory available: 1793818624 bytes
Virtual memory total: 2147352576 bytes
Memory load: 34%
Microsoft (build 7600)
Windows startup mode:

Running processes:
PID: 268 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 420 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 480 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 512 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 544 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 560 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 568 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 628 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 720 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 804 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 844 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 908 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 976 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 108 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 432 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1088 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1104 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1240 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1316 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1404 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1436 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1552 name: C:\Program Files\SUPERAntiSpyware\SASCore64.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1576 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1632 name: C:\Windows\SysWOW64\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1660 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1728 name: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1744 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1800 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1888 name: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1916 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2140 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2208 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2660 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2800 name: C:\Windows\System32\dwm.exe owner: Holger domain: Holger-PC
PID: 2884 name: C:\Windows\explorer.exe owner: Holger domain: Holger-PC
PID: 2892 name: C:\Windows\System32\taskhost.exe owner: Holger domain: Holger-PC
PID: 2972 name: C:\Windows\System32\rundll32.exe owner: Holger domain: Holger-PC
PID: 1512 name: C:\Program Files\Logitech\SetPointP\SetPoint.exe owner: Holger domain: Holger-PC
PID: 2300 name: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe owner: Holger domain: Holger-PC
PID: 2772 name: C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe owner: Holger domain: Holger-PC
PID: 2848 name: C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe owner: Holger domain: Holger-PC
PID: 2708 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe owner: Holger domain: Holger-PC
PID: 2176 name: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe owner: Holger domain: Holger-PC
PID: 3104 name: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe owner: Holger domain: Holger-PC
PID: 3332 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3484 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 3800 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3824 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3932 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 4064 name: C:\Users\Holger\AppData\Local\Google\Chrome\Application\chrome.exe owner: Holger domain: Holger-PC
PID: 396 name: C:\Users\Holger\AppData\Local\Google\Chrome\Application\chrome.exe owner: Holger domain: Holger-PC
PID: 428 name: C:\Users\Holger\AppData\Local\Google\Chrome\Application\chrome.exe owner: Holger domain: Holger-PC
PID: 3712 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3860 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2788 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Holger domain: Holger-PC
PID: 2540 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2292 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2072 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Holger domain: Holger-PC
PID: 3464 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3596 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1560 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 668 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe owner: SYSTEM domain: NT-AUTORITÄT

Startup items:
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: hpsysdrv
imagepath: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
Name: HP Software Update
imagepath: c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Name: avgnt
imagepath: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Name: iTunesHelper
imagepath: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Name: SunJavaUpdateSched
imagepath: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Adobe ARM
imagepath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
imagepath: C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: !SASCORE
displayname: SAS Core Service
Name: AeLookupSvc
displayname: Anwendungserfahrung
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: AudioEndpointBuilder
displayname: Windows-Audio-Endpunkterstellung
Name: AudioSrv
displayname: Windows-Audio
Name: BFE
displayname: Basisfiltermodul
Name: Browser
displayname: Computerbrowser
Name: CryptSvc
displayname: Kryptografiedienste
Name: DcomLaunch
displayname: DCOM-Server-Prozessstart
Name: Dhcp
displayname: DHCP-Client
Name: Dnscache
displayname: DNS-Client
Name: DPS
displayname: Diagnoserichtliniendienst
Name: EapHost
displayname: Extensible Authentication-Protokoll
Name: EFS
displayname: Verschlüsselndes Dateisystem (EFS)
Name: eventlog
displayname: Windows-Ereignisprotokoll
Name: EventSystem
displayname: COM+-Ereignissystem
Name: ezSharedSvc
displayname: Easybits Shared Services for Windows
Name: fdPHost
displayname: Funktionssuchanbieter-Host
Name: FDResPub
displayname: Funktionssuche-Ressourcenveröffentlichung
Name: gpsvc
displayname: Gruppenrichtlinienclient
Name: hidserv
displayname: Zugriff auf Eingabegeräte
Name: HomeGroupListener
displayname: Heimnetzgruppen-Listener
Name: HomeGroupProvider
displayname: Heimnetzgruppen-Anbieter
Name: IKEEXT
displayname: IKE- und AuthIP IPsec-Schlüsselerstellungsmodule
Name: iphlpsvc
displayname: IP-Hilfsdienst
Name: KeyIso
displayname: CNG-Schlüsselisolation
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Arbeitsstationsdienst
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: MMCSS
displayname: Multimediaklassenplaner
Name: MpsSvc
displayname: Windows-Firewall
Name: Netman
displayname: Netzwerkverbindungen
Name: netprofm
displayname: Netzwerklistendienst
Name: NlaSvc
displayname: NLA (Network Location Awareness)
Name: nsi
displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: p2pimsvc
displayname: Peernetzwerkidentitäts-Manager
Name: p2psvc
displayname: Peernetzwerk-Gruppenzuordnung
Name: PcaSvc
displayname: Programmkompatibilitäts-Assistent-Dienst
Name: PlugPlay
displayname: Plug & Play
Name: PNRPsvc
displayname: Peer Name Resolution-Protokoll
Name: Power
displayname: Stromversorgung
Name: ProfSvc
displayname: Benutzerprofildienst
Name: RasMan
displayname: RAS-Verbindungsverwaltung
Name: RpcEptMapper
displayname: RPC-Endpunktzuordnung
Name: RpcSs
displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
displayname: Sicherheitskonto-Manager
Name: Schedule
displayname: Aufgabenplanung
Name: SeaPort
displayname: SeaPort
Name: seclogon
displayname: Sekundäre Anmeldung
Name: SENS
displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
displayname: Shellhardwareerkennung
Name: Spooler
displayname: Druckwarteschlange
Name: SSDPSRV
displayname: SSDP-Suche
Name: SstpSvc
displayname: SSTP-Dienst
Name: Stereo Service
displayname: NVIDIA Stereoscopic 3D Driver Service
Name: stisvc
displayname: Windows-Bilderfassung (WIA)
Name: SysMain
displayname: Superfetch
Name: TapiSrv
displayname: Telefonie
Name: Themes
displayname: Designs
Name: TrkWks
displayname: Überwachung verteilter Verknüpfungen (Client)
Name: upnphost
displayname: UPnP-Gerätehost
Name: UxSms
displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: WdiServiceHost
displayname: Diagnosediensthost
Name: WdiSystemHost
displayname: Diagnosesystemhost
Name: WinHttpAutoProxySvc
displayname: WinHTTP-Web Proxy Auto-Discovery-Dienst
Name: Winmgmt
displayname: Windows-Verwaltungsinstrumentation
Name: Wlansvc
displayname: Automatische WLAN-Konfiguration
Name: WMPNetworkSvc
displayname: Windows Media Player-Netzwerkfreigabedienst
Name: WPDBusEnum
displayname: Enumeratordienst für tragbare Geräte
Name: WSearch
displayname: Windows Search
Name: wudfsvc
displayname: Windows Driver Foundation - Benutzermodus-Treiberframework

cosinus · 23.02.2011, 22:14

Ad-Aware brauchen wir nicht, das Tool kannst du getrost deinstallieren.

nuukies · 23.02.2011, 23:24

alles klar, was sagen den die logs aus? Brauchst du mehr Infos?

Holger

cosinus · 24.02.2011, 10:18

Läuft dein TheBat noch? Anscheinend hat CF da durch einen Fehlalarm die thebat.exe unter Quarantäne gestellt. Können wir aber rückgängig machen.

nuukies · 24.02.2011, 12:55

Lustig. Nein, theBat lief nicht mehr. Wenn ich auf das DesktopSymbol geklickt habe, wollte er es neu installieren.

Ich habe einfach nochmal die install.exe drüber laufen lassen und es geht wieder. Alle (auch neueren) Mails waren noch da. War das der richtige weg?

Gruß,
Holger

cosinus · 24.02.2011, 13:07

Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

23.02.2011, 17:01	#3
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	foxtab pdf converte II Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ __________________

23.02.2011, 18:59	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	foxtab pdf converte II Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes. __________________ --> foxtab pdf converte II

23.02.2011, 22:14	#11
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	foxtab pdf converte II Ad-Aware brauchen wir nicht, das Tool kannst du getrost deinstallieren. __________________ Logfiles bitte immer in CODE-Tags posten

24.02.2011, 10:18	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	foxtab pdf converte II Läuft dein TheBat noch? Anscheinend hat CF da durch einen Fehlalarm die thebat.exe unter Quarantäne gestellt. Können wir aber rückgängig machen. __________________ Logfiles bitte immer in CODE-Tags posten

foxtab pdf converte II

Plagegeister aller Art und deren Bekämpfung: foxtab pdf converte II