Trojaner-Board - OnlineBanking gesperrt....

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - OnlineBanking gesperrt.... (https://www.trojaner-board.de/111018-onlinebanking-gesperrt.html)

OnlineBanking gesperrt....

Hallo,

Mein OnlineBanking wurde eben von meiner Bank gesperrt.

Grund:
Nach dem Einloggen im OnlineBanking kam ich nicht, wie gewöhnlich zu meiner Kontenübersicht, sondern sollte aus Sicherheitsgründen persönliche Daten und Daten zu meiner EC-Karte eingeben. Da die Seite aber nicht gut gemacht war (z.B. Fehlende verlinkungen hinter den Buttons) habe ich mich mit meiner Bank in Verbindung gesetzt....Die konnten mir nur sagen, das es ein Trojaner bei mir auf dem Rechner ist, aber nicht was für einer und wie ich den wieder los werde.

Ich habe es schon mit HighJackThis probiert, aber das Logfile hat mir nichts kritisches ausgeworfen. Daher habe ich es nun mit der OLT.exe probiert und stelle euch das Logfile zur Verfügung, in der Hoffnung, dass ihr da mehr drin erkennen könnt als ich.

Vielen Dank!!!

Code:

OTL logfile created on: 06.03.2012 16:10:02 - Run 1

OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\*****\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,73 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 35,51% Memory free

7,47 Gb Paging File | 4,99 Gb Available in Paging File | 66,77% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149,04 Gb Total Space | 83,51 Gb Free Space | 56,03% Space Free | Partition Type: NTFS

Drive D: | 148,65 Gb Total Space | 67,14 Gb Free Space | 45,16% Space Free | Partition Type: NTFS

 

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Program Files (x86)\NetBeans 6.9.1\bin\netbeans.exe ()

PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)

PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\WinClientShellExtensionContextMenu\1.0.0.30__9fb6a8250b54c137\WinClientShellExtensionContextMenu.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ClientExecuteUtils\1.0.0.13__0364d91cd0218e60\ClientExecuteUtils.dll ()

MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll ()

MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Program Files (x86)\NetBeans 6.9.1\platform\lib\nbexec.dll ()

MOD - C:\Program Files (x86)\NetBeans 6.9.1\bin\netbeans.exe ()

MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU ()

MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU ()

MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.DEU ()

MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)

SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)

SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 C3 2D 7C F0 62 CB 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=53BF302F-2432-40EC-9897-6FD187B20AD2&apn_sauid=8DD55EDB-75F3-48DF-A7BD-1FC461DEBE47

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.25 13:59:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.23 23:05:00 | 000,000,000 | ---D | M]

 

[2010.10.06 07:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2012.03.02 18:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n3yzjcer.default\extensions

[2012.03.02 18:57:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n3yzjcer.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2011.06.10 20:36:32 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n3yzjcer.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.04.15 11:29:46 | 000,002,567 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n3yzjcer.default\searchplugins\askcom.xml

[2011.07.07 05:49:52 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n3yzjcer.default\searchplugins\icqplugin.xml

[2012.03.02 18:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.01.11 22:24:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.03.11 13:05:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.14 19:26:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011.06.06 05:32:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.06.06 05:32:10 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.06.06 05:32:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.06.06 05:32:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.06.06 05:32:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.07.19 12:35:37 | 000,000,900 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts:         172.16.8.236        b70.informatik.fh-gelsenkirchen.de

O1 - Hosts:         172.16.8.198        docuware

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20C0BD2E-72CA-4C18-91A5-E783CF3B64F7}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F994295-490B-4284-B9AE-879AFEDEB7C1}: DhcpNameServer = 139.7.30.125 139.7.30.126

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77022656-7965-484C-9ECD-5A11C554512F}: DhcpNameServer = 192.168.100.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C75D6B1-2F51-4DDC-AA84-75D16169DD14}: DhcpNameServer = 172.16.0.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A821F04C-CA70-4048-A754-862DB94F0A18}: DhcpNameServer = 139.7.30.126 139.7.30.125

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found

O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{1de11be2-b23d-11e0-99af-002318394b89}\Shell - "" = AutoRun

O33 - MountPoints2\{1de11be2-b23d-11e0-99af-002318394b89}\Shell\AutoRun\command - "" = F:\Start.bat

O33 - MountPoints2\{5e0330fb-d15c-11df-887b-0026b6e96a99}\Shell - "" = AutoRun

O33 - MountPoints2\{5e0330fb-d15c-11df-887b-0026b6e96a99}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{5e033104-d15c-11df-887b-0026b6e96a99}\Shell - "" = AutoRun

O33 - MountPoints2\{5e033104-d15c-11df-887b-0026b6e96a99}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{97cf6600-6721-11e0-93d0-002318394b89}\Shell - "" = AutoRun

O33 - MountPoints2\{97cf6600-6721-11e0-93d0-002318394b89}\Shell\AutoRun\command - "" = F:\Start.bat

O33 - MountPoints2\{c00593e6-cedf-11df-a403-d70ef6811c85}\Shell - "" = AutoRun

O33 - MountPoints2\{c00593e6-cedf-11df-a403-d70ef6811c85}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{d29babe2-e5df-11e0-80ca-0026b6e96a99}\Shell - "" = AutoRun

O33 - MountPoints2\{d29babe2-e5df-11e0-80ca-0026b6e96a99}\Shell\AutoRun\command - "" = G:\PdtStart.exe

O33 - MountPoints2\{eb98e995-d621-11df-ac18-0026b6e96a99}\Shell - "" = AutoRun

O33 - MountPoints2\{eb98e995-d621-11df-ac18-0026b6e96a99}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.06 16:08:52 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.03.06 15:49:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2012.03.06 15:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.03.06 15:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.03.06 15:48:58 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.03.06 15:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.03.06 15:47:42 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam--setup-1.60.1.1000.exe

[2012.03.06 15:39:44 | 002,405,664 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HousecallLauncher64.exe

[2012.03.06 15:38:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\backups

[2012.03.06 15:22:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe

[2012.03.05 20:45:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Beispiele

[2012.03.05 13:41:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ocxyufa

[2012.03.05 13:41:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Imcisai

[2012.03.04 12:56:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MOVAVI

[2012.03.04 12:43:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc

[2012.03.04 12:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012.03.04 12:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2012.03.02 18:57:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Garmin

[2012.02.29 14:45:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\SwingExcerises

[2012.02.29 14:44:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\SourceCode

[2012.02.26 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sun

[2012.02.24 21:49:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ISY

[2012.02.16 15:10:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Medion-NB

[2012.02.16 14:25:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\toshiba

[2012.02.16 13:15:08 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll

[2012.02.16 13:14:51 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2012.02.16 13:14:51 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2012.02.16 13:14:47 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

[2012.02.16 13:14:34 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.02.16 13:14:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.02.16 13:14:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.02.16 13:14:33 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.02.16 13:14:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.02.16 13:14:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.02.16 13:14:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.02.15 20:12:43 | 000,035,008 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\drivers\PGEffect.sys

[2012.02.15 20:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA

[2012.02.15 20:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA

[2012.02.15 20:06:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype

[2012.02.15 20:06:37 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012.02.15 20:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.02.15 20:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012.02.15 20:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2012.02.10 12:01:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TempDIR

[2012.02.06 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\musik

[2012.02.06 11:45:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoft

[2010.10.16 11:21:39 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files (x86)\Common Files\sapxlhelper.dll

[2010.10.16 11:21:39 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files (x86)\Common Files\sapconsaccess.dll

[2010.10.16 11:21:39 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files (x86)\Common Files\sapconsr3.dll

[2010.10.16 11:21:39 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files (x86)\Common Files\DigitalSignature.ocx

[4 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.06 16:08:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.03.06 16:08:48 | 000,000,120 | ---- | M] () -- C:\Users\***\Desktop\oB7C92_D.htm.part.htm

[2012.03.06 15:51:52 | 000,853,787 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache

[2012.03.06 15:50:16 | 000,112,711 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache

[2012.03.06 15:48:59 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.06 15:47:58 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam--setup-1.60.1.1000.exe

[2012.03.06 15:39:59 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache

[2012.03.06 15:39:48 | 002,405,664 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HousecallLauncher64.exe

[2012.03.06 15:23:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe

[2012.03.06 12:13:15 | 001,507,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.03.06 12:13:15 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.03.06 12:13:15 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.03.06 12:13:15 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.03.06 12:13:15 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.03.06 08:20:51 | 000,014,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.06 08:20:51 | 000,014,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.06 08:12:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.06 08:12:02 | 3007,647,744 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.06 00:55:44 | 000,000,110 | ---- | M] () -- C:\Users\***\AppData\Roaming\GoodnightTimer.ini

[2012.03.05 21:12:47 | 002,050,494 | ---- | M] () -- C:\Users\***\Desktop\Teil2.pdf

[2012.03.05 21:12:40 | 002,818,436 | ---- | M] () -- C:\Users\***\Desktop\Teil1.pdf

[2012.03.05 20:45:33 | 000,006,128 | ---- | M] () -- C:\Users\***\Desktop\Editor.zip

[2012.03.05 20:04:53 | 000,258,015 | ---- | M] () -- C:\Users\***\Desktop\editor.jar

[2012.03.05 19:43:20 | 000,114,103 | ---- | M] () -- C:\Users\***\Desktop\Netbeans-Ereignisse.jpg

[2012.03.04 12:56:54 | 000,005,082 | ---- | M] () -- C:\ProgramData\ojobkspa.ako

[2012.03.04 12:43:35 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012.03.03 11:22:59 | 005,247,422 | ---- | M] () -- C:\Users\***\Desktop\Video_00007.wmv

[2012.03.03 11:09:37 | 001,934,960 | ---- | M] () -- C:\Users\***\Desktop\Video_00003.wmv

[2012.03.03 11:09:01 | 000,044,564 | ---- | M] () -- C:\Users\***\Desktop\Photo_00004.jpg

[2012.03.03 11:08:46 | 000,045,058 | ---- | M] () -- C:\Users\***\Desktop\Photo_00003.jpg

[2012.03.03 11:06:07 | 005,774,228 | ---- | M] () -- C:\Users\***\Desktop\Video_00002.wmv

[2012.03.01 23:05:36 | 001,704,654 | ---- | M] () -- C:\Users\***\Desktop\017.JPG

[2012.03.01 23:05:36 | 001,464,298 | ---- | M] () -- C:\Users\***\Desktop\177.JPG

[2012.03.01 19:15:52 | 000,017,648 | ---- | M] () -- C:\Users\***\Desktop\MTG77242205_60_20120229.pdf

[2012.02.29 14:40:06 | 001,142,515 | ---- | M] () -- C:\Users\***\Desktop\Grafik-Progammierung mit Java Swing (Beispiele).zip

[2012.02.28 16:58:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.02.25 17:16:58 | 000,002,104 | ---- | M] () -- C:\Users\***\Desktop\NetBeans IDE 6.9.1.lnk

[2012.02.18 08:34:42 | 000,420,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[4 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.06 16:08:35 | 000,000,120 | ---- | C] () -- C:\Users\***\Desktop\oB7C92_D.htm.part.htm

[2012.03.06 15:51:52 | 000,853,787 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache

[2012.03.06 15:50:16 | 000,112,711 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache

[2012.03.06 15:48:59 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.06 15:39:59 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache

[2012.03.05 21:12:40 | 002,818,436 | ---- | C] () -- C:\Users\***\Desktop\Teil1.pdf

[2012.03.05 20:45:32 | 000,006,128 | ---- | C] () -- C:\Users\***\Desktop\Editor.zip

[2012.03.05 20:04:53 | 000,258,015 | ---- | C] () -- C:\Users\***\Desktop\editor.jar

[2012.03.05 19:43:19 | 000,114,103 | ---- | C] () -- C:\Users\***\Desktop\Netbeans-Ereignisse.jpg

[2012.03.04 14:24:50 | 002,050,494 | ---- | C] () -- C:\Users\***\Desktop\Teil2.pdf

[2012.03.04 12:56:54 | 000,005,082 | ---- | C] () -- C:\ProgramData\ojobkspa.ako

[2012.03.04 12:55:40 | 136,077,824 | ---- | C] () -- C:\Users\***\Desktop\P1000014.MOV

[2012.03.04 12:43:35 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012.03.03 11:25:02 | 000,045,058 | ---- | C] () -- C:\Users\***\Desktop\Photo_00003.jpg

[2012.03.03 11:25:02 | 000,044,564 | ---- | C] () -- C:\Users\***\Desktop\Photo_00004.jpg

[2012.03.03 11:24:42 | 001,934,960 | ---- | C] () -- C:\Users\***\Desktop\Video_00003.wmv

[2012.03.03 11:24:41 | 005,774,228 | ---- | C] () -- C:\Users\***\Desktop\Video_00002.wmv

[2012.03.03 11:24:40 | 005,247,422 | ---- | C] () -- C:\Users\***\Desktop\Video_00007.wmv

[2012.03.01 23:05:36 | 001,704,654 | ---- | C] () -- C:\Users\***\Desktop\017.JPG

[2012.03.01 23:05:36 | 001,464,298 | ---- | C] () -- C:\Users\***\Desktop\177.JPG

[2012.03.01 19:15:52 | 000,017,648 | ---- | C] () -- C:\Users\***\Desktop\MTG77242205_60_20120229.pdf

[2012.02.29 14:40:09 | 001,142,515 | ---- | C] () -- C:\Users\***\Desktop\Grafik-Progammierung mit Java Swing (Beispiele).zip

[2012.02.25 17:16:58 | 000,002,104 | ---- | C] () -- C:\Users\***\Desktop\NetBeans IDE 6.9.1.lnk

[2012.02.23 23:05:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2011.12.01 14:30:01 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.07.07 12:18:44 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll

[2011.05.11 17:54:21 | 000,000,702 | ---- | C] () -- C:\Users\***\AppData\Roaming\DocuWare.Wrapper.DW4Client.dll.config

[2011.04.29 12:49:17 | 000,000,043 | ---- | C] () -- C:\Windows\docuware.ini

[2011.04.09 12:33:56 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg

[2011.03.21 21:22:53 | 000,000,110 | ---- | C] () -- C:\Users\***\AppData\Roaming\GoodnightTimer.ini

[2011.01.09 17:14:55 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd

[2010.10.16 11:21:39 | 000,955,904 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL.xlt

[2010.10.16 11:21:39 | 000,949,760 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt

[2010.10.16 11:21:01 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll

[2010.10.16 11:21:01 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll

[2010.10.16 11:21:01 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll

[2010.10.16 11:21:01 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll

[2010.10.16 11:21:01 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll

[2010.10.16 11:20:43 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\vtssm32.dll

[2010.07.28 20:08:46 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2010.07.28 20:08:44 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2010.07.28 20:08:42 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010.07.28 19:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010.07.28 19:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
 

< End of report >

Code:

OTL Extras logfile created on: 06.03.2012 16:10:02 - Run 1

OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\****\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,73 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 35,51% Memory free

7,47 Gb Paging File | 4,99 Gb Available in Paging File | 66,77% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149,04 Gb Total Space | 83,51 Gb Free Space | 56,03% Space Free | Partition Type: NTFS

Drive D: | 148,65 Gb Total Space | 67,14 Gb Free Space | 45,16% Space Free | Partition Type: NTFS

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{64A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java(TM) SE Development Kit 6 Update 11 (64-bit)

"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software

"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PRJPROR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-1000-0000000FF1CE}_Office14.VISIOR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPROR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PRJPROR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PRJPROR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-1000-0000000FF1CE}_Office14.VISIOR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PRJPROR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-1000-0000000FF1CE}_Office14.VISIOR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010

"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0407-1000-0000000FF1CE}_Office14.VISIOR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010

"{90140000-0054-0407-1000-0000000FF1CE}_Office14.VISIOR_{1F29ED16-958F-4278-B8DD-5F421E1166DA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-1000-0000000FF1CE}_Office14.VISIOR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00B4-0407-1000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010

"{90140000-00B4-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8388E8B0-3DC3-4A7B-9EE0-FCBB1C3363F6}" = Microsoft Project 2010 Service Pack 1 (SP1)

"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010

"{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}" = Microsoft Project 2010 Service Pack 1 (SP1)

"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010

"{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1)

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Office14.PRJPROR" = Microsoft Project Professional 2010

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Office14.VISIOR" = Microsoft Visio Premium 2010

"ProInst" = Intel PROSet Wireless

"PROSet" = Intel(R) Network Connections Drivers

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Ultravnc2_is1" = UltraVNC 1.0.8.2

"WinRAR archiver" = WinRAR

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2

"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22

"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23

"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{68245C0F-ADED-4CFE-A433-641D1DA0C1AA}" = DocuWare eLearning-Trainings

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch

"{DAD2B9D2-385F-4E80-8A12-2901F3F75392}" = DocuWare 5 Client

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"agorum core Windows Client" = agorum core Windows Client

"DAEMON Tools Lite" = DAEMON Tools Lite

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228

"FreePDF_XP" = FreePDF (Remove only)

"Goodnight Timer_is1" = Goodnight Timer 1.1

"GPL Ghostscript 9.00" = GPL Ghostscript 9.00

"GPL Ghostscript 9.02" = GPL Ghostscript

"IrfanView" = IrfanView (remove only)

"Liferay Social Office 1.5b" = Liferay Social Office 1.5b

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)

"nbi-glassfish-mod-3.0.1.22.0" = GlassFish Server Open Source Edition 3.0.1

"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1

"OpenVPN" = OpenVPN 2.1.4

"SAP_WUS" = SAPSetup Automatic Workstation Update Service

"SAPBI" = SAP Business Explorer

"SAPGUI710" = SAP GUI 7.10

"TeamViewer 6" = TeamViewer 6

"VLC media player" = VLC media player 2.0.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ARIS Express 2.3" = ARIS Express 2.3

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 04.03.2012 07:59:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 04.03.2012 07:59:38 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 04.03.2012 07:59:39 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 04.03.2012 07:59:45 | Computer Name = ***-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe,

 Version: 1.32.4.0, Zeitstempel: 0x4f2166d3  Name des fehlerhaften Moduls: igdumd32.dll,

 Version: 8.15.10.2189, Zeitstempel: 0x4c509af8  Ausnahmecode: 0xc0000409  Fehleroffset:

 0x00016776  ID des fehlerhaften Prozesses: 0xa4c  Startzeit der fehlerhaften Anwendung:

 0x01ccf9fe4741b3ac  Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\system32\igdumd32.dll  Berichtskennung: 886f92d8-65f1-11e1-b493-002318394b89

 

Error - 04.03.2012 07:59:57 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 04.03.2012 07:59:59 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 04.03.2012 08:00:01 | Computer Name = ***-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe,

 Version: 1.32.4.0, Zeitstempel: 0x4f2166d3  Name des fehlerhaften Moduls: igdumd32.dll,

 Version: 8.15.10.2189, Zeitstempel: 0x4c509af8  Ausnahmecode: 0xc0000409  Fehleroffset:

 0x00016776  ID des fehlerhaften Prozesses: 0xa44  Startzeit der fehlerhaften Anwendung:

 0x01ccf9fe52ce42e6  Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\SoftonicDownloader_fuer_pazera-free-mov-to-avi-converter.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\system32\igdumd32.dll  Berichtskennung: 9202467b-65f1-11e1-b493-002318394b89

 

Error - 04.03.2012 13:28:29 | Computer Name = ***-PC | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

 

Error - 05.03.2012 03:24:37 | Computer Name = ***-PC | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

 

Error - 06.03.2012 03:12:24 | Computer Name = ***-PC | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

 

[ System Events ]

Error - 03.03.2012 05:37:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management

 Service" wurde nicht richtig gestartet.

 

Error - 04.03.2012 06:46:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management

 Service" wurde nicht richtig gestartet.

 

Error - 04.03.2012 13:29:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management

 Service" wurde nicht richtig gestartet.

 

Error - 04.03.2012 13:31:57 | Computer Name = ***-PC | Source = bowser | ID = 8003

Description = 

 

Error - 05.03.2012 03:25:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management

 Service" wurde nicht richtig gestartet.

 

Error - 05.03.2012 03:27:16 | Computer Name = ***-PC | Source = bowser | ID = 8003

Description = 

 

Error - 06.03.2012 03:13:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management

 Service" wurde nicht richtig gestartet.

 

Error - 06.03.2012 03:14:39 | Computer Name = ***-PC | Source = bowser | ID = 8003

Description = 

 

Error - 06.03.2012 10:41:52 | Computer Name = ***-PC | Source = bowser | ID = 8016

Description = 

 

Error - 06.03.2012 10:41:59 | Computer Name = ***-PC | Source = bowser | ID = 8016

Description = 

 

 

< End of report >

hi
öffne malwarebytes, berichte poste alle bisher erstellten logs

Malwarbytes hat bei dem schnellenScan nichts gefunden....
Beim intensiven Scan kam dies heraus:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.06.05
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Schroeder :: ***-PC [Administrator]
 

Schutz: Aktiviert
 

06.03.2012 15:56:07

mbam-log-2012-03-06 (16-42-34).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 207102

Laufzeit: 43 Minute(n), 19 Sekunde(n) [Abgebrochen]
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\Schroeder\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Keine Aktion durchgeführt.
 

(Ende)

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

hier nun das LogFile aus ComboFix:

Code:

ComboFix 12-03-04.02 - *** 06.03.2012  17:49:57.1.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3824.2004 [GMT 1:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90E84236-04C9-4FCE-8A8C-746F64BAC31C}.xps

c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C2B3FF7D-1F38-4AEC-AD4A-2555D264929E}.xps

c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CFDA6994-7708-4A11-9A84-13A5E4AB2530}.xps

c:\users\***\AppData\Local\TempDIR

c:\users\***\AppData\Local\TempDIR\BetterInstaller.exe

c:\users\***\Documents\~WRL0156.tmp

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-06 bis 2012-03-06  ))))))))))))))))))))))))))))))

.

.

2012-03-06 16:55 . 2012-03-06 16:55        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-03-06 16:37 . 2012-03-06 16:37        --------        d-----w-        c:\users\***\AppData\Roaming\Avira

2012-03-06 16:31 . 2012-01-31 07:56        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-03-06 16:31 . 2012-01-31 07:56        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-03-06 16:31 . 2011-09-16 15:08        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-03-06 16:31 . 2012-03-06 16:31        --------        d-----w-        c:\programdata\Avira

2012-03-06 16:31 . 2012-03-06 16:31        --------        d-----w-        c:\program files (x86)\Avira

2012-03-06 14:49 . 2012-03-06 14:49        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes

2012-03-06 14:48 . 2012-03-06 14:48        --------        d-----w-        c:\programdata\Malwarebytes

2012-03-06 14:48 . 2012-03-06 14:49        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-06 14:48 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-06 07:18 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE48E158-1852-4E2F-A5AE-E06E7972C16C}\mpengine.dll

2012-03-05 12:41 . 2012-03-06 14:13        --------        d-----w-        c:\users\***\AppData\Roaming\Ocxyufa

2012-03-05 12:41 . 2012-03-05 12:41        --------        d-----w-        c:\users\***\AppData\Roaming\Imcisai

2012-03-04 11:56 . 2012-03-04 11:56        --------        d-----w-        c:\users\***\AppData\Roaming\MOVAVI

2012-03-04 11:43 . 2012-03-04 11:44        --------        d-----w-        c:\users\***\AppData\Roaming\vlc

2012-03-04 11:43 . 2012-03-04 11:43        --------        d-----w-        c:\program files (x86)\VideoLAN

2012-03-02 17:57 . 2012-03-02 17:57        --------        d-----w-        c:\users\***\AppData\Roaming\Garmin

2012-02-16 13:25 . 2012-02-16 13:25        --------        d-----w-        c:\users\***\AppData\Roaming\toshiba

2012-02-16 12:15 . 2012-01-04 10:44        509952        ----a-w-        c:\windows\system32\ntshrui.dll

2012-02-16 12:15 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll

2012-02-15 19:12 . 2009-06-22 16:06        35008        ----a-w-        c:\windows\system32\drivers\PGEffect.sys

2012-02-15 19:12 . 2012-02-15 19:12        --------        d-----w-        c:\program files (x86)\TOSHIBA

2012-02-15 19:06 . 2012-03-03 11:05        --------        d-----w-        c:\users\***\AppData\Roaming\Skype

2012-02-15 19:06 . 2012-02-15 19:06        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2012-02-15 19:06 . 2012-02-15 19:06        --------        d-----r-        c:\program files (x86)\Skype

2012-02-15 19:06 . 2012-02-15 19:06        --------        d-----w-        c:\programdata\Skype

2012-02-06 10:45 . 2012-02-06 10:45        --------        d-----w-        c:\users\***\AppData\Roaming\DVDVideoSoft

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-28 15:58 . 2011-06-27 20:43        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 08:18 . 2010-10-03 12:42        279656        ------w-        c:\windows\system32\MpSigStub.exe

2009-10-07 07:46 . 2010-10-16 10:21        626688        ----a-w-        c:\program files (x86)\Common Files\sapconsaccess.dll

2009-10-07 07:46 . 2010-10-16 10:21        40960        ----a-w-        c:\program files (x86)\Common Files\DigitalSignature.ocx

2009-10-07 07:46 . 2010-10-16 10:21        3145728        ----a-w-        c:\program files (x86)\Common Files\sapxlhelper.dll

2009-10-07 07:46 . 2010-10-16 10:21        192512        ----a-w-        c:\program files (x86)\Common Files\sapconsr3.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\desk4web]

@="{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}"

[HKEY_CLASSES_ROOT\CLSID\{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}]

2010-11-05 01:58        297808        ----a-w-        c:\windows\System32\mscoree.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 910208]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]

"172.16.8.236,255.255.255.255,192.168.234.51,1"=""

.

2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R4 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2009-08-20 259440]

R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\desk4web]

@="{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}"

[HKEY_CLASSES_ROOT\CLSID\{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}]

2010-11-05 01:57        444752        ----a-w-        c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]

"172.16.8.236,255.255.255.255,192.168.234.51,1"=""

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://de.ask.com?o=15788&l=dis

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n3yzjcer.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Liferay Social Office 1.5b - c:\liferay\Social Office 1.5b\bin\uninstall.exe

AddRemove-ARIS Express 2.3 - c:\windows\system32\javaws.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-03-06  18:02:51 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-03-06 17:02

.

Vor Suchlauf: 14 Verzeichnis(se), 88.963.969.024 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 89.824.333.824 Bytes frei

.

- - End Of File - - 5D8AB4103CBA64CA4BDECB6D3E36B90D

hi
*** durch nutzernamen ersetzen damit es funktioniert

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

:OTL
 

 :Files

c:\users\***\AppData\Roaming\Ocxyufa

c:\users\***\AppData\Roaming\Imcisai

c:\users\***\AppData\Roaming\MOVAVI

:Commands

[purity]

[EMPTYFLASH] 

[emptytemp]

[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

so, der Upload hat erfolgreich geklappt

und hier ist das LogFile:

Code:

All processes killed

========== OTL ==========

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: ***

->Flash cache emptied: 101860 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: ***

->Temp folder emptied: 270897 bytes

->Temporary Internet Files folder emptied: 89457445 bytes

->Java cache emptied: 164145092 bytes

->FireFox cache emptied: 118127360 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102360 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 355,00 mb

 

 

OTL by OldTimer - Version 3.2.35.1 log created on 03062012_183726
 

Files\Folders moved on Reboot...

C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

sieht nicht so aus als hättest du das ganze script kopiert.
es geht los mit :OTL bis zur reboot zeile, *** durch nutzernamen ersetzen wie gesagt nicht vergessen

hmmm, ich hab den gesamten Inhalt der Textdatei gepostet (bzw. nochmal in überarbeiter Form oben hinzugefügt), der nach dem Reboot angezeigt worden ist. Der ist so...und fängt nicht mit :OTL an :o(((

Oder sollte ich das nochmal ein OTL-Scan durchführen?

dann anders
wieder *** durch nutzernamen ersetzen

start programme zubehör editor reinkopieren.
killall::
Folder::
c:\users\***\AppData\Roaming\Ocxyufa
c:\users\***\AppData\Roaming\Imcisai
c:\users\***\AppData\Roaming\MOVAVI

datei speichern unter, typ alle dateien, ort, dort wo sich combofix.exe befindet, typ alle dateien, name:
cfscript.txt
ziehe cfscript auf combofix, programm startet log posten.

hier das neue Log-File vom ComboFix:

Code:

ComboFix 12-03-04.02 - *** 06.03.2012  19:21:53.2.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3824.2631 [GMT 1:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\***\Desktop\cfscript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\***\AppData\Roaming\Imcisai

c:\users\***\AppData\Roaming\Imcisai\idubsi.exe

c:\users\***\AppData\Roaming\MOVAVI

c:\users\***\AppData\Roaming\MOVAVI\MainLog\mainlog2.log

c:\users\***\AppData\Roaming\MOVAVI\MainLog\sys_info.txt

c:\users\***\AppData\Roaming\Ocxyufa

c:\users\***\AppData\Roaming\Ocxyufa\hyeqyx.oft

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-06 bis 2012-03-06  ))))))))))))))))))))))))))))))

.

.

2012-03-06 18:26 . 2012-03-06 18:26        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-03-06 17:37 . 2012-03-06 17:43        --------        d-----w-        C:\_OTL

2012-03-06 14:49 . 2012-03-06 14:49        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes

2012-03-06 14:48 . 2012-03-06 14:48        --------        d-----w-        c:\programdata\Malwarebytes

2012-03-06 14:48 . 2012-03-06 14:49        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-06 14:48 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-06 07:18 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE48E158-1852-4E2F-A5AE-E06E7972C16C}\mpengine.dll

2012-03-04 11:43 . 2012-03-04 11:44        --------        d-----w-        c:\users\***\AppData\Roaming\vlc

2012-03-04 11:43 . 2012-03-04 11:43        --------        d-----w-        c:\program files (x86)\VideoLAN

2012-03-02 17:57 . 2012-03-02 17:57        --------        d-----w-        c:\users\***\AppData\Roaming\Garmin

2012-02-16 13:25 . 2012-02-16 13:25        --------        d-----w-        c:\users\***\AppData\Roaming\toshiba

2012-02-16 12:15 . 2012-01-04 10:44        509952        ----a-w-        c:\windows\system32\ntshrui.dll

2012-02-16 12:15 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll

2012-02-15 19:12 . 2009-06-22 16:06        35008        ----a-w-        c:\windows\system32\drivers\PGEffect.sys

2012-02-15 19:12 . 2012-02-15 19:12        --------        d-----w-        c:\program files (x86)\TOSHIBA

2012-02-15 19:06 . 2012-03-03 11:05        --------        d-----w-        c:\users\***\AppData\Roaming\Skype

2012-02-15 19:06 . 2012-02-15 19:06        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2012-02-15 19:06 . 2012-02-15 19:06        --------        d-----r-        c:\program files (x86)\Skype

2012-02-15 19:06 . 2012-02-15 19:06        --------        d-----w-        c:\programdata\Skype

2012-02-06 10:45 . 2012-02-06 10:45        --------        d-----w-        c:\users\***\AppData\Roaming\DVDVideoSoft

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-28 15:58 . 2011-06-27 20:43        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 08:18 . 2010-10-03 12:42        279656        ------w-        c:\windows\system32\MpSigStub.exe

2009-10-07 07:46 . 2010-10-16 10:21        626688        ----a-w-        c:\program files (x86)\Common Files\sapconsaccess.dll

2009-10-07 07:46 . 2010-10-16 10:21        40960        ----a-w-        c:\program files (x86)\Common Files\DigitalSignature.ocx

2009-10-07 07:46 . 2010-10-16 10:21        3145728        ----a-w-        c:\program files (x86)\Common Files\sapxlhelper.dll

2009-10-07 07:46 . 2010-10-16 10:21        192512        ----a-w-        c:\program files (x86)\Common Files\sapconsr3.dll

.

.

(((((((((((((((((((((((((((((   SnapShot@2012-03-06_16.57.16   )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-03 11:52 . 2012-03-06 17:42        51848              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-06 17:42        33606              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-10-03 11:19 . 2012-03-06 17:42        15484              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1589883488-2376610187-1100701142-1000_UserData.bin

+ 2010-10-03 10:52 . 2012-03-06 18:27        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-10-03 10:52 . 2012-03-06 16:56        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-10-03 10:52 . 2012-03-06 18:27        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-10-03 10:52 . 2012-03-06 16:56        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-06 18:27        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-06 16:56        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-10-03 14:08 . 2012-03-06 16:02        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-10-03 14:08 . 2012-03-06 18:02        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-10-03 14:08 . 2012-03-06 18:02        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-10-03 14:08 . 2012-03-06 16:02        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-03-06 18:27 . 2012-03-06 18:27        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-06 16:56 . 2012-03-06 16:56        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-06 18:27 . 2012-03-06 18:27        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-06 16:56 . 2012-03-06 16:56        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-03-06 11:13        619146              c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-06 17:43        619146              c:\windows\system32\perfh009.dat

- 2009-07-14 17:58 . 2012-03-06 11:13        657910              c:\windows\system32\perfh007.dat

+ 2009-07-14 17:58 . 2012-03-06 17:43        657910              c:\windows\system32\perfh007.dat

+ 2009-07-14 02:36 . 2012-03-06 17:43        107466              c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-03-06 11:13        107466              c:\windows\system32\perfc009.dat

- 2009-07-14 17:58 . 2012-03-06 11:13        131250              c:\windows\system32\perfc007.dat

+ 2009-07-14 17:58 . 2012-03-06 17:43        131250              c:\windows\system32\perfc007.dat

- 2009-07-14 05:01 . 2012-03-06 16:55        392496              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-03-06 18:26        392496              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\desk4web]

@="{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}"

[HKEY_CLASSES_ROOT\CLSID\{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}]

2010-11-05 01:58        297808        ----a-w-        c:\windows\System32\mscoree.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 910208]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]

"172.16.8.236,255.255.255.255,192.168.234.51,1"=""

.

2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R4 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2009-08-20 259440]

R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\desk4web]

@="{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}"

[HKEY_CLASSES_ROOT\CLSID\{f6d817d0-42d6-4bf2-a9ae-47512e39afd0}]

2010-11-05 01:57        444752        ----a-w-        c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]

"172.16.8.236,255.255.255.255,192.168.234.51,1"=""

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://de.ask.com?o=15788&l=dis

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n3yzjcer.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-03-06  19:32:18 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-03-06 18:32

ComboFix2.txt  2012-03-06 17:02

.

Vor Suchlauf: 19 Verzeichnis(se), 90.550.685.696 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 90.451.685.376 Bytes frei

.

- - End Of File - - 2DC678B978328A1CEB4BE82A8934FAD5

das ging.
öffne mal computer, c: qoobox.
rechtsklick quarantain, ebenfalls packen und wie moved files hochladen.

Quarantine.zip hab ich erfolgreich hochgeladen

danke.
also, du hast den zbot trojaner.
das sicherste wäre es hier, komplett neu aufzusetzen.
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf einen externen Datenträger (USB-Platte): http://www.trojaner-board.de/82533-d...ted-magic.html
Bider, Dokumente, Musik, Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neuinstallieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
Recovery CD oder Recovery Partition?
falls dies ein Fertig-PC ist, nenne Hersteller + Typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Danke, dann weiß ich bescheid