Trojaner-Board - Facebook Malware, Antivieren-Programme finden nichts

OTL Logfile:

Code:

OTL logfile created on: 06.11.2011 12:12:09 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Archiv\Downloads

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,00% Memory free

4,00 Gb Paging File | 2,00 Gb Available in Paging File | 49,95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 148,84 Gb Total Space | 25,74 Gb Free Space | 17,29% Space Free | Partition Type: NTFS

Drive M: | 16,99 Gb Total Space | 1,27 Gb Free Space | 7,45% Space Free | Partition Type: FAT32

 

Computer Name: FELIX-LAPTOP | User Name: Felix | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Archiv\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\Felix\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Spiele\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

PRC - C:\Spiele\Hamachi\hamachi-2.exe (LogMeIn Inc.)

PRC - C:\Programme\Avira Antivir\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)

PRC - C:\Programme\Avira Antivir\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Programme\Novell\Client\cusrvc.exe ()

PRC - C:\Windows\System32\nwtray.exe ()

PRC - C:\Programme\Novell\Client\XTier\Services\xtsvcmgr.exe (Novell, Inc.)

PRC - C:\Programme\Avira Antivir\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Avira Antivir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)

PRC - C:\Programme\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks)

PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)

PRC - C:\Programme\ThreatFire-Verhaltensbasierter_Schutz\TFTray.exe (PC Tools)

PRC - C:\Programme\ThreatFire-Verhaltensbasierter_Schutz\TFService.exe (PC Tools)

PRC - C:\Programme\Avira Antivir\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Programme\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\RunWB2.exe (ANSYS, Inc.)

PRC - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\AnsysFWW.exe (ANSYS, Inc.)

PRC - C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe (ANSYS, Inc.)

PRC - C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_client.exe (ANSYS, Inc.)

PRC - C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe ()

PRC - C:\Windows\System32\mspaint.exe (Microsoft Corporation)

PRC - C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe (ANSYS, Inc.)

PRC - C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe (Acresso Software Inc.)

PRC - C:\Programme\ANSYS Inc\v121\commonfiles\jre\intel\bin\java.exe (Sun Microsystems, Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Windows\System32\ncnetprovider.dll ()

MOD - C:\Windows\System32\nwshlxnt.dll ()

MOD - C:\Windows\System32\mapbase.dll ()

MOD - C:\Windows\System32\nclangid.dll ()

MOD - C:\Windows\System32\nwtray.exe ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\Windows\System32\nls\deutsch\ncnetproviderr.dll ()

MOD - C:\Windows\System32\nls\deutsch\nwshlxntr.dll ()

MOD - C:\Windows\System32\nls\deutsch\mapbaser.dll ()

MOD - C:\Windows\System32\nls\deutsch\nclangidr.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\ExternalConnection\bin\Win32\Ans.ExternalConnectionAddin.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\TurboSystem\bin\Win32\Ans.TurboSystem.Gui.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\TurboSystem\bin\Win32\Ans.TurboSystem.TSBase.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\VistaTF\bin\Win32\Ans.VistaTF.Gui.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\VistaTF\bin\Win32\Ans.VistaTF.DataModel.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\CFX\bin\Win32\Ans.CFX.Foundation.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.GUI.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.AUTODYNGraphGenerator.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.AutoDynReader.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.GraphDataGenerator.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.GraphGeneration.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.AnsysCurveFit.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.Commands.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.State.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.Validation.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.DataModel.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.MatMLReaderWriter.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.DataProvider.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.Utilities.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\DesignModeler\bin\Win32\Ans.DesignModeler.GUI.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\Simulation\bin\Win32\Ans.Simulation.GUI.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\Simulation\bin\Win32\Ans.Simulation.Core.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\DesignModeler\bin\Win32\Ans.DesignModeler.Core.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\Meshing\bin\Win32\Ans.Meshing.GUI.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\Meshing\bin\Win32\Ans.Meshing.Core.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\AUTODYN\bin\Win32\Ans.AUTODYN.GUI.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\AUTODYN\bin\Win32\Ans.AUTODYN.Commands.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.Library.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.Material.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EngineeringData\bin\Win32\Ans.EngineeringData.Core.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\ANSYS\bin\Win32\Ans.ANSYS.GUI.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\ANSYS\bin\Win32\Ans.ANSYS.Core.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\AUTODYN\bin\Win32\Ans.AUTODYN.DataModel.dll ()

MOD - C:\Programme\ANSYS Inc\v121\aisol\bin\intel\Ans.Common.CLRHelperCOM.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Addins\EKM\bin\Win32\Ans.EKM.Gui.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\AnsFile.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\oglft-0.9.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\XalanMessages_1_10.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\libCUEException.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\libCUEUtilities.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\libCUESystem.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\libCUEUnits.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\libCUEError.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\libCUECCLParseUtilities.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\libCFXUnits.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\glew32.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\GLU32.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\QtCore4.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\QtOpenGL4.dll ()

MOD - C:\Programme\ANSYS Inc\v121\Framework\bin\Win32\QtGui4.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (WinHttpAutoProxySvc) --  File not found

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Hamachi2Svc) -- C:\Spiele\Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (AntiVirWebService) -- C:\Program Files\Avira Antivir\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira Antivir\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (cusrvc) -- C:\Programme\Novell\Client\cusrvc.exe ()

SRV - (XTSvcMgr) -- C:\Programme\Novell\Client\XTier\Services\xtsvcmgr.exe (Novell, Inc.)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira Antivir\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)

SRV - (JuniperAccessService) -- C:\Programme\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks)

SRV - (ThreatFire) -- C:\Program Files\ThreatFire-Verhaltensbasierter_Schutz\TFService.exe (PC Tools)

SRV - (CVPND) -- C:\Program Files\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (ANSYS, Inc. License Manager) -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe (ANSYS, Inc.)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (NCRecognizer) -- C:\Windows\system32\DRIVERS\NCRecognizer.sys ()

DRV - (NCFilter) -- C:\Windows\system32\DRIVERS\NCFilter.sys ()

DRV - (NCFSD) -- C:\Programme\Novell\Client\XTier\Drivers\ncfsd.sys ()

DRV - (NCIOCTL) -- C:\Programme\Novell\Client\XTier\Drivers\ncioctl.sys ()

DRV - (NICM) -- C:\Programme\Novell\Client\XTier\Drivers\nicm.sys (Novell, Inc.)

DRV - (NCUncFilter) -- C:\Windows\system32\DRIVERS\NCUncFilter.sys ()

DRV - (PSSDK42) -- C:\Windows\System32\drivers\pssdk42.sys (microOLAP Technologies LTD)

DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks)

DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)

DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)

DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)

DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)

DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira Antivir\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)

DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://dynamics.fh-regensburg.de/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 C0 81 FE A1 B8 CA 01  [binary data]

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Google.de"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1

FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1

FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8

FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.98.20110322

FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:1.2

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..network.proxy.backup.ftp: "190.144.25.190"

FF - prefs.js..network.proxy.backup.ftp_port: 8080

FF - prefs.js..network.proxy.backup.socks: "190.144.25.190"

FF - prefs.js..network.proxy.backup.socks_port: 8080

FF - prefs.js..network.proxy.backup.ssl: "190.144.25.190"

FF - prefs.js..network.proxy.backup.ssl_port: 8080

FF - prefs.js..network.proxy.ftp: "190.144.25.190"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.http: "190.144.25.190"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "190.144.25.190"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "190.144.25.190"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VLC Media Player\npvlc.dll (the VideoLAN Team)

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Felix\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Felix\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.14 06:40:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.05 12:22:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.27 13:20:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2010.03.04 23:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions

[2010.03.04 23:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.11.04 13:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\thgwtwe5.default\extensions

[2011.02.04 19:55:42 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\thgwtwe5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2011.11.03 08:15:15 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\thgwtwe5.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}

[2011.11.04 13:23:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\thgwtwe5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.08.08 23:05:51 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\thgwtwe5.default\extensions\coralietab@mozdev.org

[2010.04.10 01:08:55 | 000,002,059 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\thgwtwe5.default\searchplugins\daemon-search.xml

[2010.05.08 12:53:24 | 000,002,101 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\thgwtwe5.default\searchplugins\googlede.xml

[2011.04.05 12:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.04.29 22:11:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.09.20 19:16:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011.04.05 12:21:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\THGWTWE5.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI

() (No name found) -- C:\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\THGWTWE5.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

() (No name found) -- C:\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\THGWTWE5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\THGWTWE5.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI

[2011.10.14 06:40:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.04.05 12:21:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.02.17 11:36:10 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

[2011.10.14 06:40:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.14 06:40:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.10.14 06:40:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.14 06:40:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.14 06:40:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.14 06:40:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.06.18 23:27:02 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira Antivir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Spiele\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NWTRAY] NWTRAY.EXE File not found

O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire-Verhaltensbasierter_Schutz\TFTray.exe (PC Tools)

O4 - Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira Antivir\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira Antivir\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira Antivir\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O13 - gopher Prefix: missing

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 132.199.1.163 132.199.1.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{106E2171-121E-4E39-94C5-615CFC1580A9}: DhcpNameServer = 132.199.1.163 132.199.1.2

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - File not found

O30 - LSA: Authentication Packages - (ncv1_0) -C:\Windows\System32\ncv1_0.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{67ee0ed1-4438-11df-92d7-001c23a6de2b}\Shell - "" = AutoRun

O33 - MountPoints2\{67ee0ed1-4438-11df-92d7-001c23a6de2b}\Shell\AutoRun\command - "" = E:\autorun.exe

O33 - MountPoints2\{67ee0ed1-4438-11df-92d7-001c23a6de2b}\Shell\setup\command - "" = E:\setup.exe

O33 - MountPoints2\{a9bbd2ec-594c-11e0-850a-c9abdd3824b0}\Shell - "" = AutoRun

O33 - MountPoints2\{a9bbd2ec-594c-11e0-850a-c9abdd3824b0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.11.04 17:41:40 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.11.04 17:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.10.14 12:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2011.10.14 12:10:03 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2011.10.12 18:04:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2011.10.12 18:04:52 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2011.10.12 18:04:42 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.10.12 18:04:34 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011.10.12 18:04:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.10.12 18:04:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.10.12 18:04:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.10.12 18:04:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.11.06 11:47:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-262187356-3095201414-4030968394-1000UA.job

[2011.11.06 10:49:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.11.05 19:02:42 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.11.05 19:02:42 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.11.05 18:54:48 | 1609,187,328 | -HS- | M] () -- C:\hiberfil.sys

[2011.11.05 18:08:25 | 000,001,123 | ---- | M] () -- C:\Archiv\Desktop\Dynamics Laufwerk.lnk

[2011.11.05 15:35:01 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.11.05 15:35:01 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.11.05 15:35:00 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.11.05 15:35:00 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.11.05 12:47:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-262187356-3095201414-4030968394-1000Core.job

[2011.11.04 17:41:46 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.10.14 12:10:06 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011.10.14 06:36:25 | 000,446,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.11.05 18:07:57 | 000,001,123 | ---- | C] () -- C:\Archiv\Desktop\Dynamics Laufwerk.lnk

[2011.11.04 17:41:46 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.10.14 12:10:06 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2011.10.08 20:10:58 | 005,372,032 | ---- | C] () -- C:\Archiv\Desktop\bb Lady Judas.mp3

[2011.07.23 09:34:26 | 004,894,121 | ---- | C] () -- C:\ProgramData\P7250370.JPG

[2011.07.03 18:37:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.05.05 03:12:02 | 000,662,104 | ---- | C] () -- C:\Windows\System32\ncloginui.dll

[2011.05.05 03:12:02 | 000,404,056 | ---- | C] () -- C:\Windows\System32\noveap.dll

[2011.05.05 03:12:02 | 000,277,080 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll

[2011.05.05 03:12:02 | 000,191,064 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll

[2011.05.05 03:12:02 | 000,166,488 | ---- | C] () -- C:\Windows\System32\mapbase.dll

[2011.05.05 03:12:02 | 000,113,240 | ---- | C] () -- C:\Windows\System32\nclangid.dll

[2011.05.05 03:12:02 | 000,110,680 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys

[2011.05.05 03:12:02 | 000,091,224 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys

[2011.05.05 03:12:02 | 000,035,928 | ---- | C] () -- C:\Windows\System32\nwtray.exe

[2011.05.05 03:12:02 | 000,026,712 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll

[2011.05.05 03:12:02 | 000,026,200 | ---- | C] () -- C:\Windows\System32\loginw32.exe

[2011.05.05 03:12:02 | 000,022,616 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys

[2011.05.05 03:12:02 | 000,014,424 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll

[2010.12.07 21:35:27 | 000,007,605 | ---- | C] () -- C:\Users\Felix\AppData\Local\Resmon.ResmonCfg

[2010.12.03 23:34:24 | 000,920,152 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll

[2010.12.03 23:34:24 | 000,240,216 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll

[2010.04.10 01:53:57 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll

[2010.04.10 01:53:57 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll

[2010.04.10 01:53:57 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll

[2010.04.10 01:45:06 | 000,030,318 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2010.04.09 19:58:55 | 000,020,835 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\UserTile.png

[2010.04.03 01:45:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2010.03.27 17:30:15 | 000,072,633 | ---- | C] () -- C:\Windows\War3Unin.dat

[2010.02.28 23:31:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2009.11.17 11:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 05:33:53 | 000,446,224 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2007.01.12 12:36:00 | 000,462,848 | ---- | C] () -- C:\Windows\System32\softcoin.dll

[2007.01.12 12:36:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll

 
 ========== LOP Check ==========

 

[2010.12.28 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Ansys

[2010.04.24 10:58:41 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\AnvSoft

[2010.04.24 15:51:13 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\avidemux

[2011.03.06 22:19:25 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\bizarre creations

[2010.10.18 12:14:51 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Command and Conquer 3 Tiberium Wars

[2010.04.10 10:14:51 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DAEMON Tools Lite

[2010.04.27 18:20:54 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DassaultSystemes

[2011.11.05 18:56:15 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Dropbox

[2011.08.14 16:49:55 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoft

[2011.07.18 23:18:13 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.10.25 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\GlarySoft

[2011.08.16 15:24:28 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\HSR

[2010.02.28 22:37:51 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\InspireSoft

[2011.06.17 17:06:58 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Juniper Networks

[2010.10.05 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\LolClient

[2010.04.29 22:50:50 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Mathsoft

[2010.02.28 23:41:00 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\OpenOffice.org

[2010.04.09 19:58:55 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\PeerNetworking

[2010.04.14 00:28:32 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Scilab

[2010.04.01 15:16:00 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Sync App Settings

[2011.02.01 20:02:39 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\The Creative Assembly

[2010.03.04 23:32:53 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Thunderbird

[2010.03.04 17:45:06 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\TrueCrypt

[2010.05.14 20:01:46 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Uniblue

[2011.10.20 07:45:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
 

< End of report >

--- --- ---

Combofix Logfile:

Code:

ComboFix 11-11-18.01 - Felix 18.11.2011  12:29:48.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2046.1213 [GMT 1:00]

ausgeführt von:: c:\archiv\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{179EC955-930A-4E90-A363-D0D486545437}.xps

c:\users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3092F0AA-8D52-4C2A-B858-9532C3503422}.xps

c:\users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D8452068-5423-4C9D-824B-074DF85A17E3}.xps

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-10-18 bis 2011-11-18  ))))))))))))))))))))))))))))))

.

.

2011-11-18 11:52 . 2011-11-18 11:53        --------        d-----w-        c:\users\Felix\AppData\Local\temp

2011-11-18 11:52 . 2011-11-18 11:52        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-11-18 11:03 . 2011-11-18 11:03        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C21D9D90-3AF6-4E35-9C0F-A123A846212E}\offreg.dll

2011-11-18 11:03 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C21D9D90-3AF6-4E35-9C0F-A123A846212E}\mpengine.dll

2011-11-11 21:42 . 2011-11-11 21:42        --------        d-----w-        c:\program files\RaceLab Sport

2011-11-09 17:43 . 2011-09-29 16:03        1290608        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-11-09 17:42 . 2011-10-01 04:37        708608        ----a-w-        c:\program files\Common Files\System\wab32.dll

2011-11-09 17:42 . 2011-09-29 03:37        2341888        ----a-w-        c:\windows\system32\win32k.sys

2011-11-04 16:41 . 2011-11-04 16:41        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-11-04 16:41 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-10-25 21:07 . 2011-08-13 04:18        6144        ----a-w-        c:\program files\Internet Explorer\iecompat.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 02:42 . 2011-10-12 17:04        1638912        ----a-w-        c:\windows\system32\mshtml.tlb

2011-08-27 04:26 . 2011-10-12 17:04        571904        ----a-w-        c:\windows\system32\oleaut32.dll

2011-08-27 04:26 . 2011-10-12 17:04        233472        ----a-w-        c:\windows\system32\oleacc.dll

2011-11-11 10:42 . 2011-04-05 11:22        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira Antivir\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-20 87144]

"ThreatFire"="c:\program files\ThreatFire-Verhaltensbasierter_Schutz\TFTray.exe" [2010-01-14 378128]

"NWTRAY"="NWTRAY.EXE" [2011-05-05 35928]

"LogMeIn Hamachi Ui"="c:\spiele\Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]

.

c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-10-27 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages        REG_MULTI_SZ           msv1_0 ncv1_0

.

[HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-02-17 20:24        136176        ----atw-        c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2011-08-04 12:34        1955208        ----a-w-        c:\spiele\Hamachi\hamachi-2-ui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2011-08-31 16:00        1047208        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-08-27 12:55        1242448        ----a-w-        c:\spiele\Steam\steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]

R3 GarenaPEngine;GarenaPEngine;c:\users\Felix\AppData\Local\Temp\PBCFE6D.tmp [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\spiele\Garena\safedrv.sys [x]

R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2011-01-30 38976]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2011-05-05 91224]

S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2011-05-05 110680]

S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2011-05-05 22616]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-09 691696]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]

S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]

S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [2009-10-02 2969600]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira Antivir\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira Antivir\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-06-30 428200]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\spiele\Hamachi\hamachi-2.exe [2011-08-04 1361288]

S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-06-02 132464]

S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-05-05 88664]

S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-05-05 59992]

S2 ThreatFire;ThreatFire;c:\program files\ThreatFire-Verhaltensbasierter_Schutz\TFService.exe service [x]

S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-05-05 16984]

S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - NDSLPP

*Deregistered* - nccache

*Deregistered* - nciom

*Deregistered* - ncp

*Deregistered* - ncpfsp

*Deregistered* - ncpl

*Deregistered* - ndm

*Deregistered* - ndmndap

*Deregistered* - ndslpp

*Deregistered* - niam

*Deregistered* - nipctl

*Deregistered* - nscm

*Deregistered* - nsns

*Deregistered* - nsvccost

*Deregistered* - xtxplat

.

Inhalt des "geplante Tasks" Ordners

.

2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-262187356-3095201414-4030968394-1000Core.job

- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 20:24]

.

2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-262187356-3095201414-4030968394-1000UA.job

- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 20:24]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

LSP: c:\program files\Avira Antivir\Avira\AntiVir Desktop\avsda.dll

FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\thgwtwe5.default\

FF - prefs.js: browser.search.selectedEngine - Google.de

FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul

FF - prefs.js: network.proxy.ftp - 190.144.25.190

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.http - 190.144.25.190

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - 190.144.25.190

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 190.144.25.190

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-BCSSync - c:\program files\Microsoft Office 2010\Office14\BCSSync.exe

AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]

"ImagePath"="\??\c:\users\Felix\AppData\Local\Temp\PBCFE6D.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(1204)

c:\windows\system32\ncnetprovider.dll

c:\windows\system32\NCLangID.dll

c:\windows\system32\MAPBASE.dll

c:\windows\system32\NETWIN32.DLL

c:\windows\system32\NWSHLXNT.dll

c:\program files\ThreatFire-Verhaltensbasierter_Schutz\TFWAH.dll

.

- - - - - - - > 'lsass.exe'(608)

c:\windows\system32\ncv1_0.DLL

c:\program files\ThreatFire-Verhaltensbasierter_Schutz\TFWAH.dll

.

Zeit der Fertigstellung: 2011-11-18  13:00:37

ComboFix-quarantined-files.txt  2011-11-18 12:00

.

Vor Suchlauf: 10 Verzeichnis(se), 28.354.174.976 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 29.195.833.344 Bytes frei

.

- - End Of File - - 07B36204370F280A07E77E9256C0F6A6

--- --- ---