Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   AVG: Trojaner BackDoor.Generic14.CAOS - consrv.dll (https://www.trojaner-board.de/106764-avg-trojaner-backdoor-generic14-caos-consrv-dll.html)

Hedonist 22.12.2011 22:39
AVG: Trojaner BackDoor.Generic14.CAOS - consrv.dll
 
Heya!

AVG's Residenter Schutz meldet mir einen Trojaner: BackDoor.Generic14.CAOS in c:\windows\System32\consrv.dll

Ich habe nun schon ein wenig herumgesucht und ein paar scans laufen lassen. Unter anderem auch aswMBR ... da wurde auch gleich der AVG bestätigt:

19:45:13.336 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen

Die logs für aswMBR und OTL (als zip file) habe ich mal angehängt. Ich hoffe das hilft. FixMBR habe ich mich erst einmal nicht getraut, oder wäre das der nächste Schritt?

Vielen Dank schon mal im voraus! :crazy:

kira 23.12.2011 06:30
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
erneut einen Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira

Hedonist 23.12.2011 09:48
Hi Kira! Vielen Dank für deine Hilfe. Hier sind die gewünschten logs:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122304

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.12.2011 09:22:21
mbam-log-2011-12-23 (09-22-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 308941
Laufzeit: 35 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
OTL logfile created on: 23.12.2011 09:33:33 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Peter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,32% Memory free
8,00 Gb Paging File | 5,98 Gb Available in Paging File | 74,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 105,10 Gb Total Space | 3,68 Gb Free Space | 3,50% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 2,07 Gb Free Space | 4,71% Space Free | Partition Type: NTFS
Drive E: | 111,78 Gb Total Space | 56,55 Gb Free Space | 50,59% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 1,27 Gb Free Space | 34,10% Space Free | Partition Type: NTFS
 
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Peter\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys (LogMeIn, Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 31 1F C7 EC B1 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..network.proxy.http: "137.226.138.156"
FF - prefs.js..network.proxy.http_port: 3128
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIE6C2~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIE6C2~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3-rc: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.22 14:19:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.13 22:07:55 | 000,000,000 | ---D | M]
 
[2009.10.30 02:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions
[2011.12.22 14:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2pgd8y4e.default\extensions
[2011.12.08 23:08:55 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2pgd8y4e.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011.04.05 02:33:52 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2pgd8y4e.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2010.09.05 21:09:10 | 000,000,000 | ---D | M] (CookieSafe) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2pgd8y4e.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
[2011.07.05 22:25:35 | 000,000,000 | ---D | M] ("FacebookBlocker") -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2pgd8y4e.default\extensions\facebookBlocker@webgraph.com
[2011.12.22 15:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.29 19:30:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.22 15:04:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.12.22 14:19:45 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.20 03:03:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.20 03:03:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.20 03:03:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.20 03:03:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.20 03:03:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.20 03:03:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.16 21:25:14 | 000,000,863 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      www.newsleecher.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIE6C2~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIE6C2~1\Office12\REFIEBAR.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ABAC106-146A-41C0-AF0C-D84549F12A95}: DhcpNameServer = 195.50.140.118 195.50.140.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4A4A2F8-9C69-4EB0-BB85-29558E84B414}: NameServer = 195.50.140.118 195.50.140.180
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ff60050-c4ff-11de-a361-001b2464e0f2}\Shell - "" = AutoRun
O33 - MountPoints2\{4ff60050-c4ff-11de-a361-001b2464e0f2}\Shell\AutoRun\command - "" = H:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.22 20:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.22 20:05:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Peter\Desktop\esetsmartinstaller_enu.exe
[2011.12.22 19:02:21 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Users\Peter\Desktop\aswMBR.exe
[2011.12.22 18:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.22 16:27:47 | 004,348,461 | ---- | C] (Swearware) -- C:\Users\Peter\Desktop\ComboFix.exe
[2011.12.22 15:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.22 15:04:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.12.22 15:04:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.12.22 15:04:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.12.22 14:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.12.22 14:56:44 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Secunia PSI
[2011.12.22 14:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2011.12.22 12:47:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2011.12.22 12:44:59 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2011.12.22 12:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.22 12:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.22 12:44:47 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.22 12:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.22 12:19:06 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.12.22 12:18:50 | 000,000,000 | -HSD | C] -- C:\Users\Peter\AppData\Local\edbc5963
[2011.12.21 11:03:07 | 000,000,000 | ---D | C] -- C:\ElsterFormular
[2011.12.17 23:06:30 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\dvdcss
[2011.12.15 22:40:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AKVIS
[2011.12.15 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.15 22:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AKVIS
[2011.12.15 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AKVIS
[2011.12.14 14:13:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.14 14:13:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.14 14:13:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.14 14:13:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.14 14:13:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.14 14:13:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.14 14:13:38 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.14 14:13:38 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.12.14 14:13:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.12.14 14:13:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.14 14:13:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.14 10:56:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.14 10:55:56 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.14 10:55:56 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.08 23:08:25 | 000,000,000 | ---D | C] -- C:\Users\Peter\ElsterFormular
[2011.12.08 21:10:04 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\elsterformular
[2011.12.08 21:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2011.12.08 21:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.12.08 21:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.12.04 11:39:51 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Elo
[2011.12.04 11:30:50 | 000,887,808 | ---- | C] (ELO Digital Office GmbH) -- C:\Windows\SysNative\EloPrinterX64Cfg.dll
[2011.12.04 11:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ELOoffice
[2011.12.04 11:28:45 | 000,600,064 | ---- | C] (ELO Digital Office GmbH) -- C:\Windows\SysWow64\ELOHTML.ocx
[2011.12.04 11:28:45 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL
[2011.12.04 11:28:43 | 001,347,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm50.dll
[2011.12.04 11:28:43 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\threed.vbx
[2011.12.04 11:28:43 | 000,026,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc16gt.dll
[2011.12.04 11:28:43 | 000,011,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.cpl
[2011.12.04 11:28:42 | 000,253,952 | ---- | C] (Apex Software Corporation) -- C:\Windows\SysWow64\grdkrn32.dll
[2011.12.04 11:28:42 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ds16gt.dll
[2011.12.04 11:28:40 | 000,385,100 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCRTD.DLL
[2011.12.04 11:28:36 | 000,929,844 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC42D.DLL
[2011.12.04 11:28:36 | 000,322,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC30.DLL
[2011.12.04 11:26:46 | 001,248,768 | ---- | C] (Softek Software Ltd) -- C:\Windows\SysWow64\SoftekBarcode.dll
[2011.12.04 11:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ELOoffice
[2011.12.04 11:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ELO Digital Office
[2011.12.02 23:20:37 | 000,000,000 | R--D | C] -- C:\Users\Peter\Dropbox
[2011.12.02 23:19:21 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.02 23:11:01 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Dropbox
[2011.11.26 12:31:49 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Scans
[2011.11.26 12:29:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011.11.26 12:29:01 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Canon
[2011.03.24 23:05:42 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.23 08:19:01 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 08:19:01 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 08:11:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.23 08:10:23 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.22 22:34:54 | 000,018,141 | ---- | M] () -- C:\Users\Peter\Desktop\OTL.zip
[2011.12.22 22:20:59 | 000,000,188 | ---- | M] () -- C:\Users\Peter\defogger_reenable
[2011.12.22 21:00:36 | 000,050,477 | ---- | M] () -- C:\Users\Peter\Desktop\Defogger.exe
[2011.12.22 20:05:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Peter\Desktop\esetsmartinstaller_enu.exe
[2011.12.22 20:05:36 | 000,000,512 | ---- | M] () -- C:\Users\Peter\Desktop\MBR.dat
[2011.12.22 19:02:35 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Users\Peter\Desktop\aswMBR.exe
[2011.12.22 18:18:11 | 000,001,258 | ---- | M] () -- C:\Users\Peter\Desktop\Spybot - Search & Destroy.lnk
[2011.12.22 18:15:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.12.22 17:41:02 | 090,751,397 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011.12.22 16:28:23 | 004,348,461 | ---- | M] (Swearware) -- C:\Users\Peter\Desktop\ComboFix.exe
[2011.12.22 14:56:37 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.12.22 14:53:57 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.22 14:15:56 | 000,196,608 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.12.22 12:47:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2011.12.22 12:44:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.21 18:16:04 | 000,002,002 | -H-- | M] () -- C:\Users\Peter\Documents\Default.rdp
[2011.12.21 11:10:34 | 000,001,476 | ---- | M] () -- C:\Users\Peter\Desktop\2006.06
[2011.12.21 11:03:48 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular 2006-2007.lnk
[2011.12.20 10:35:17 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2011.12.20 10:35:16 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2011.12.20 10:35:16 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2011.12.19 12:23:06 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.19 12:23:06 | 000,654,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.19 12:23:06 | 000,616,030 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.19 12:23:06 | 000,130,028 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.19 12:23:06 | 000,106,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.16 21:14:42 | 000,002,125 | ---- | M] () -- C:\Users\Peter\Desktop\Peter 2008.08
[2011.12.15 22:40:06 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\AKVIS Sketch.lnk
[2011.12.15 13:33:57 | 000,171,924 | ---- | M] () -- C:\Users\Peter\Desktop\Mail Slip - 170723495493.pdf
[2011.12.14 17:15:44 | 000,351,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.08 22:05:07 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular 2008-2009.lnk
[2011.12.08 21:18:03 | 000,004,153 | ---- | M] () -- C:\Users\Peter\Documents\ESt2009_Venne_Peter.elfo
[2011.12.08 21:02:02 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.12.08 08:03:06 | 000,000,997 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.08 08:03:05 | 000,001,017 | ---- | M] () -- C:\Users\Peter\Desktop\Dropbox.lnk
[2011.12.04 11:32:14 | 000,008,608 | ---- | M] () -- C:\Windows\SysWow64\sx_p2d.tlb
[2011.12.04 11:29:44 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\ELOoffice.lnk
[2011.12.04 11:28:53 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011.12.04 11:26:33 | 000,000,000 | ---- | M] () -- C:\Windows\FULINST.INI
[2011.12.02 20:13:12 | 000,112,216 | ---- | M] () -- C:\Users\Peter\Desktop\KHT_Bescheinigung.pdf
[2011.11.29 21:48:55 | 001,011,182 | ---- | M] () -- C:\Users\Peter\Desktop\xxx.pdf
[2011.11.29 13:56:56 | 001,788,147 | ---- | M] () -- C:\Users\Peter\Desktop\Arbeitszeugnis EXG.pdf
[2011.11.29 13:45:04 | 005,988,121 | ---- | M] () -- C:\Users\Peter\Desktop\xxx - Unterlagen.pdf
[2011.11.26 12:24:00 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2011.11.24 21:23:38 | 000,107,781 | ---- | M] () -- C:\Users\Peter\Desktop\Lebenslauf - 2011 - Rev1.pdf
[2011.11.24 00:01:38 | 000,044,379 | ---- | M] () -- C:\Users\Peter\Desktop\Anschreiben - November 23.pdf
 
========== Files Created - No Company Name ==========
 
[2011.12.22 22:34:54 | 000,018,141 | ---- | C] () -- C:\Users\Peter\Desktop\OTL.zip
[2011.12.22 22:20:59 | 000,000,188 | ---- | C] () -- C:\Users\Peter\defogger_reenable
[2011.12.22 21:00:35 | 000,050,477 | ---- | C] () -- C:\Users\Peter\Desktop\Defogger.exe
[2011.12.22 20:05:36 | 000,000,512 | ---- | C] () -- C:\Users\Peter\Desktop\MBR.dat
[2011.12.22 18:18:11 | 000,001,258 | ---- | C] () -- C:\Users\Peter\Desktop\Spybot - Search & Destroy.lnk
[2011.12.22 14:56:37 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.12.22 14:56:37 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.12.22 14:53:57 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.22 12:44:51 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.21 11:10:34 | 000,001,476 | ---- | C] () -- C:\Users\Peter\Desktop\2006.06
[2011.12.21 11:03:48 | 000,000,730 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular 2006-2007.lnk
[2011.12.16 12:04:17 | 000,002,125 | ---- | C] () -- C:\Users\Peter\Desktop\Peter 2008.08
[2011.12.15 22:40:05 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\AKVIS Sketch.lnk
[2011.12.15 13:33:57 | 000,171,924 | ---- | C] () -- C:\Users\Peter\Desktop\Mail Slip - 170723495493.pdf
[2011.12.08 22:05:07 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular 2008-2009.lnk
[2011.12.08 21:17:59 | 000,004,153 | ---- | C] () -- C:\Users\Peter\Documents\ESt2009_Venne_Peter.elfo
[2011.12.08 21:02:02 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.12.04 11:32:14 | 000,008,608 | ---- | C] () -- C:\Windows\SysWow64\sx_p2d.tlb
[2011.12.04 11:29:44 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\ELOoffice.lnk
[2011.12.04 11:28:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.12.04 11:28:45 | 000,350,208 | ---- | C] () -- C:\Windows\SysWow64\EloOpenOffice.dll
[2011.12.04 11:28:45 | 000,163,160 | ---- | C] () -- C:\Windows\SysWow64\ELOComRes.dll
[2011.12.04 11:28:42 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\fteh006n.dll
[2011.12.04 11:26:33 | 000,000,000 | ---- | C] () -- C:\Windows\FULINST.INI
[2011.12.02 23:20:37 | 000,001,017 | ---- | C] () -- C:\Users\Peter\Desktop\Dropbox.lnk
[2011.12.02 23:19:32 | 000,000,997 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.02 20:12:51 | 000,112,216 | ---- | C] () -- C:\Users\Peter\Desktop\KHT_Bescheinigung.pdf
[2011.11.29 21:48:49 | 001,011,182 | ---- | C] () -- C:\Users\Peter\Desktop\xxx.pdf
[2011.11.29 13:56:53 | 001,788,147 | ---- | C] () -- C:\Users\Peter\Desktop\Arbeitszeugnis EXG.pdf
[2011.11.29 13:43:16 | 005,988,121 | ---- | C] () -- C:\Users\Peter\Desktop\xxx - Unterlagen.pdf
[2011.11.26 12:24:00 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2011.11.24 21:18:51 | 000,107,781 | ---- | C] () -- C:\Users\Peter\Desktop\Lebenslauf - 2011 - Rev1.pdf
[2011.11.24 00:01:37 | 000,044,379 | ---- | C] () -- C:\Users\Peter\Desktop\Anschreiben - November 23.pdf
[2011.09.28 04:44:27 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.09.28 04:42:38 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.07.02 19:18:19 | 000,000,600 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\winscp.rnd
[2011.05.26 02:51:13 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.05.26 02:51:13 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.05.26 02:50:54 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.24 23:05:43 | 000,139,776 | ---- | C] () -- C:\Windows\SysWow64\UserEdit.dll
[2011.03.24 23:05:21 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\pg32conv.dll
[2011.03.24 23:05:19 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\tempautoupsys.exe
[2011.03.24 23:05:17 | 000,786,432 | ---- | C] () -- C:\Windows\SysWow64\QXSync.exe
[2010.12.09 04:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.11.20 05:10:31 | 000,000,877 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\coreavc.ini
[2009.10.30 03:00:23 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.10.30 02:57:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.30 02:50:35 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2009.10.30 02:49:59 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.10.30 02:49:59 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:054B9966

< End of report >
Code:
OTL Extras logfile created on: 23.12.2011 09:33:33 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Peter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,32% Memory free
8,00 Gb Paging File | 5,98 Gb Available in Paging File | 74,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 105,10 Gb Total Space | 3,68 Gb Free Space | 3,50% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 2,07 Gb Free Space | 4,71% Space Free | Partition Type: NTFS
Drive E: | 111,78 Gb Total Space | 56,55 Gb Free Space | 50,59% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 1,27 Gb Free Space | 34,10% Space Free | Partition Type: NTFS
 
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{46FE2A95-DD8A-9F52-DD44-6C22D715493D}" = ATI Catalyst Install Manager
"{485867C4-605B-30FD-397E-CDBA21690855}" = ccc-utility64
"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 (64-bit)
"{83A33E54-147D-2D1A-75EB-DE27584DD3E2}" = WMV9/VC-1 Video Playback
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"Alocet PDF Writer" = Alocet PDF Writer
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-64)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPRO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}" = AKVIS Sketch
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC664850-5586-CF15-F9E1-97C7429E1D4F}" = Catalyst Control Center InstallProxy
"{C08EF2EB-27C6-4E99-B5C3-15AE8210B614}" = ELOoffice
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7ACA1FD-E1A7-42D1-93C2-6EBD868584E9}" = ELO Pdf Drucker
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Ahnenblatt_is1" = Ahnenblatt 2.66
"AVG9Uninstall" = AVG Free 9.0
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"Baldur's Gate II_is1" = Baldur's Gate II
"Baldur's Gate_is1" = Baldur's Gate
"Canon MX870 series Benutzerregistrierung" = Canon MX870 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"ConsideoModeler" = Consideo Modeler - Consideo GmbH
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Divine Wind_is1" = Divine Wind version 5.1
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.12.6
"ffdshow" = ffdshow (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.33
"G3QP231012008_is1" = Questpaket 4 Deinstallation
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HaaliMkx" = Haali Media Splitter
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MKVtoolnix" = MKVtoolnix 4.0.0
"Mount&Blade Warband" = Mount&Blade Warband
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Neffy" = Neffy 1,3,29,0
"Office14.PRJPRO" = Microsoft Project Professional 2010
"pdfsam" = pdfsam
"Personal Video Database_is1" = Personal Video Database 0.9.9.21
"Picasa 3" = Picasa 3
"QuickPar" = QuickPar 0.9
"QXpress Version 10.0" = QXpress Version 10.0
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SopCast" = SopCast 3.3.2
"Speed Dial Utility" = Canon Kurzwahlprogramm
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TeamViewer 6" = TeamViewer 6
"Total CMA Pack" = Total CMA Pack 0.50
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3-rc
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp (nur entfernen)
"WinGimp-2.0_is1" = GIMP 2.6.11
"winscp3_is1" = WinSCP 4.3.3
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.12.2011 04:29:20 | Computer Name = Peter-PC | Source = RasClient | ID = 20227
Description =
 
Error - 09.12.2011 04:30:41 | Computer Name = Peter-PC | Source = RasClient | ID = 20227
Description =
 
Error - 09.12.2011 04:38:12 | Computer Name = Peter-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GrabIt.exe, Version: 1.7.2.997, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0x00000000  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x11fc  Startzeit der fehlerhaften Anwendung: 0x01ccb64d70bd59b0  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\GrabIt\GrabIt.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 20ddd5ae-2241-11e1-aeb3-001b2464e0f2
 
Error - 09.12.2011 05:04:32 | Computer Name = Peter-PC | Source = RasClient | ID = 20227
Description =
 
Error - 10.12.2011 04:02:44 | Computer Name = Peter-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 10.12.2011 04:04:42 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.12.2011 04:05:13 | Computer Name = Peter-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 10.12.2011 05:01:12 | Computer Name = Peter-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 10.12.2011 05:06:30 | Computer Name = Peter-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 10.12.2011 05:06:44 | Computer Name = Peter-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\personal video database\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\personal video database\DelZip179.dll" in Zeile 8.  Der Wert
 "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ OSession Events ]
Error - 14.04.2011 12:15:02 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 173
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.12.2011 17:23:06 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
Error - 22.12.2011 17:23:09 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 22.12.2011 17:24:59 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 23.12.2011 03:10:39 | Computer Name = Peter-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 23.12.2011 03:11:19 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 23.12.2011 03:11:39 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
Error - 23.12.2011 03:11:43 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 23.12.2011 03:11:43 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
Error - 23.12.2011 03:11:46 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 23.12.2011 03:40:41 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >
Code:
7-Zip 4.65 (x64 edition)        Igor Pavlov        18.11.2009        2,83 MB        4.65.00.0
AC3Filter 1.63b        Alexander Vigovsky        19.11.2009                1.63b
Adobe Flash Player 10 Plugin 64-bit        Adobe Systems Incorporated        21.06.2011        6,00 MB        10.3.162.28
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        21.12.2011        6,00 MB        11.1.102.55
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        21.12.2011        6,00 MB        11.1.102.55
Adobe Reader 9.4.7 - Deutsch        Adobe Systems Incorporated        21.12.2011        168,1 MB        9.4.7
Ahnenblatt 2.66        Dirk Boettcher        01.09.2011        10,4 MB        2.66.0.0
AKVIS Sketch        AKVIS        14.12.2011        32,3 MB        12.0.2209.7519
Alocet PDF Writer                23.03.2011               
Apple Application Support        Apple Inc.        21.04.2011        51,0 MB        1.5.1
Apple Mobile Device Support        Apple Inc.        25.03.2011        22,4 MB        3.4.0.25
Apple Software Update        Apple Inc.        09.09.2010        2,26 MB        2.1.2.120
ATI Catalyst Install Manager        ATI Technologies, Inc.        15.12.2010        22,4 MB        3.0.804.0
AVG Free 9.0        AVG Technologies        29.10.2009               
Avidemux 2.5                08.07.2011                2.5.4.7200
Baldur's Gate        GOG.com        22.04.2011               
Baldur's Gate II        GOG.com        23.04.2011               
Bonjour        Apple Inc.        21.04.2011        1,79 MB        2.0.5.0
calibre        Kovid Goyal        21.08.2011        119,7 MB        0.8.15
Canon Kurzwahlprogramm                14.11.2011               
Canon MP Navigator EX 3.1                25.11.2011               
Canon MX870 series Benutzerregistrierung                14.11.2011               
Canon MX870 series MP Drivers                14.11.2011               
Canon Utilities My Printer                14.11.2011               
Canon Utilities Solution Menu                14.11.2011               
CCleaner        Piriform        29.10.2010                3.00
CDBurnerXP        CDBurnerXP        16.09.2010        11,7 MB        4.3.7.2356
Consideo Modeler - Consideo GmbH                25.10.2010               
CoreAVC Professional Edition (remove only)                19.11.2009               
CutePDF Writer 2.8                18.12.2010               
Divine Wind version 5.1        Paradox Interactive        28.07.2011        179,1 MB        5.1
Dragon Age: Origins        Electronic Arts, Inc.        19.11.2009                1.01
Dropbox        Dropbox, Inc.        07.12.2011                1.2.49
ELO Pdf Drucker        ELO Digital Office GmbH        03.12.2011                6.0
ELOoffice        ELO Digital Office GmbH        03.12.2011                9.0
ElsterFormular        Landesfinanzdirektion Thüringen        07.12.2011                12.4.0.7094p
ElsterFormular 2006/2007        Steuerverwaltung des Bundes und der Länder        20.12.2011                8.3.0.0
ElsterFormular 2008 - 2009        Landesfinanzdirektion Thüringen        07.12.2011        125.187 MB        2008-2009
ESET Online Scanner v3                21.12.2011               
Europa Universalis III                28.07.2011               
Fallout Mod Manager 0.12.6        Timeslip, Q        19.10.2010        3,88 MB       
ffdshow (remove only)                29.10.2009               
Free Audio CD Burner version 1.4.7        DVDVideoSoft Limited.        09.02.2011        10,4 MB       
Free YouTube to MP3 Converter version 3.9.33        DVDVideoSoft Limited.        09.02.2011        37,7 MB       
GIMP 2.6.11        The GIMP Team        04.08.2011        107,7 MB        2.6.11
GrabIt 1.7.2 Beta 4 (build 997)        Ilan Shemes        16.11.2009               
Haali Media Splitter                18.11.2009               
HashCheck Shell Extension (x86-32)        Kai Liu        12.07.2011                2.1.11.1
HashCheck Shell Extension (x86-64)        Kai Liu        12.07.2011                2.1.11.1
Intel(R) PROSet/Wireless WiFi-Software        Intel Corporation        07.11.2009        117,3 MB        13.00.0000
IrfanView (remove only)        Irfan Skiljan        01.10.2010        1,50 MB        4.27
iTunes        Apple Inc.        21.04.2011        144,9 MB        10.2.2.12
Java(TM) 6 Update 21 (64-bit)        Oracle        11.09.2010        90,5 MB        6.0.210
Java(TM) 6 Update 30        Sun Microsystems, Inc.        29.09.2010        94,5 MB        6.0.300
Java(TM) SE Development Kit 6 Update 21 (64-bit)        Oracle        11.09.2010        129,9 MB        1.6.0.210
Logitech Harmony Remote Software        Logitech        31.01.2011                0.6.0201
LogMeIn        LogMeIn, Inc.        29.10.2009        38,6 MB        4.0.982
Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        21.12.2011        13,8 MB        1.51.2.1300
Media Player Classic - Home Cinema v. 1.3.1249.0                19.11.2009               
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        04.09.2010        38,8 MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        04.09.2010        2,94 MB        4.0.30319
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        05.05.2011        31,3 MB        3.5.88.0
Microsoft Games for Windows Marketplace        Microsoft Corporation        05.05.2011        6,04 MB        3.5.50.0
Microsoft IntelliPoint 8.1        Microsoft        17.05.2011                8.15.406.0
Microsoft Office Enterprise 2007        Microsoft Corporation        31.10.2009                12.0.6425.1000
Microsoft Office File Validation Add-In        Microsoft Corporation        14.09.2011        7,95 MB        14.0.5130.5003
Microsoft Project Professional 2010        Microsoft Corporation        12.11.2011                14.0.6029.1000
Microsoft Silverlight        Microsoft Corporation        10.10.2011        168,4 MB        4.0.60831.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        15.06.2011        0,29 MB        8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        25.09.2010        0,20 MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        14.04.2011        0,58 MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        31.01.2011        1,42 MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        07.12.2011        0,23 MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        25.09.2010        0,58 MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,59 MB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        23.04.2011        13,7 MB        10.0.30319
MKVtoolnix 4.0.0        Moritz Bunkus        07.09.2010                4.0.0
Mount&Blade Warband                25.07.2011               
MozBackup 1.4.9        Pavel Cvrcek        29.10.2009               
Mozilla Firefox 9.0.1 (x86 de)        Mozilla        21.12.2011        42,7 MB        9.0.1
MSXML 4.0 SP3 Parser        Microsoft Corporation        21.12.2011        1,48 MB        4.30.2100.0
Neffy 1,3,29,0        CDNetworks        31.10.2010                1,3,29,0
NVIDIA Grafiktreiber 260.99        NVIDIA Corporation        26.10.2010                260.99
NVIDIA PhysX-Systemsoftware 260.99        NVIDIA Corporation        26.10.2010                260.99
Pando Media Booster        Pando Networks Inc.        13.09.2010        5,47 MB        2.3.4.3
PDFCreator        Frank Heindörfer, Philip Chinery        06.08.2011                1.2.2
pdfsam                02.11.2011                2.2.1
Personal Video Database 0.9.9.21        Nostradamus        16.01.2011        27,9 MB       
Picasa 3        Google, Inc.        17.12.2010                3.8
Questpaket 4 Deinstallation        Humanforce        29.10.2009                4.0.0.0
QuickPar 0.9        Peter B. Clements        16.11.2009                0.9
QuickTime        Apple Inc.        15.02.2011        73,7 MB        7.69.80.9
QXpress Version 10.0        Alocet Incorporated        23.03.2011                8.00.00
Secunia PSI (2.0.0.4003)        Secunia        21.12.2011        3,47 MB        2.0.0.4003
Sid Meier's Civilization 4        Firaxis Games        01.10.2010                1.74
Sid Meier's Civilization 4 - Beyond the Sword        Firaxis Games        01.10.2010                3.19
Skype Click to Call        Skype Technologies S.A.        28.10.2011        12,6 MB        5.6.8442
Skype™ 5.5        Skype Technologies S.A.        28.10.2011        17,0 MB        5.5.124
SopCast 3.3.2        www.sopcast.com        26.12.2010                3.3.2
Spybot - Search & Destroy        Safer Networking Limited        21.12.2011                1.6.2
Subtitle Workshop 2.51                12.12.2009               
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49        eRightSoft        27.09.2011        42,7 MB        v2011.build.49
TeamViewer 6        TeamViewer GmbH        03.06.2011                6.0.10722
ThreatFire        PC Tools        17.11.2011               
Total CMA Pack 0.50        CMA        29.10.2009                0.50
Uninstall 1.0.0.1                09.02.2011        10,4 MB       
Visual C++ 8.0 Runtime Setup Package (x64)        AVG Technologies CZ, s.r.o.        29.10.2009        2,24 MB        9.0.0.623
VLC media player 1.0.3-rc        VideoLAN Team        29.10.2009                1.0.3-rc
VobSub v2.23 (Remove Only)                16.04.2011               
Winamp (nur entfernen)                29.10.2009               
Windows Live ID Sign-in Assistant        Microsoft Corporation        10.12.2010        10,0 MB        6.500.3165.0
Windows Media Player Firefox Plugin        Microsoft Corp        31.10.2009        0,29 MB        1.0.0.8
WinRAR archiver                29.10.2009               
WinSCP 4.3.3        Martin Prikryl        01.07.2011        8,08 MB        4.3.3
World of Warcraft        Blizzard Entertainment        13.12.2010                4.0.0.12911
Xvid 1.2.2 final uninstall        Xvid team (Koepi)        29.10.2009                1.2
YouTube Downloader 3.3        BienneSoft        27.09.2011               
µTorrent                29.10.2009                1.8.4

kira 24.12.2011 06:51
1.
Hast Du absichtlich die IP im Firefox so als Proxy eingestellt? Wenn ja, warum?
FF - prefs.js..network.proxy.http: "137.226.138.156"
FF - prefs.js..network.proxy.http_port: 3128
Wenn nein:
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus

im Firefox:
Extras => Einstellungen => Erweitert => Netzwerk => Einstellungen.
Dort unter Verbindungs-Einstellungen => Kein Proxy anhaken.

2.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

3.
reinige dein System mit CCleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

4.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
[2011.09.20 03:03:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.20 03:03:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ff60050-c4ff-11de-a361-001b2464e0f2}\Shell - "" = AutoRun
O33 - MountPoints2\{4ff60050-c4ff-11de-a361-001b2464e0f2}\Shell\AutoRun\command - "" = H:\Start.exe
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:054B9966

:Commands
[purity]
[emptytemp]

5.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

6.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

7.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

8.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

9.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:
Code:
C:\Qoobox
oder C:\ComboFix.txt
(alle vorhandenen Protokolle!)
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Hedonist 26.12.2011 21:45
1. Proxyeinstellung hatte ich nicht vorgenommen. Keine Ahnung was das ist. Ist aber nun deaktiviert.

2. Adobe Reader hatte ich bereits vorher auf den neusten Stand gebracht.

3. Alles klar, System mit CCleaner gereinigt.

4. OTL mit Script ausgeführt, Neustart und hier ist das Textdokument:
Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ff60050-c4ff-11de-a361-001b2464e0f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ff60050-c4ff-11de-a361-001b2464e0f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ff60050-c4ff-11de-a361-001b2464e0f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ff60050-c4ff-11de-a361-001b2464e0f2}\ not found.
File H:\Start.exe not found.
ADS C:\ProgramData\TEMP:054B9966 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Peter
->Temp folder emptied: 1078 bytes
->Temporary Internet Files folder emptied: 262546 bytes
->Java cache emptied: 5153617 bytes
->FireFox cache emptied: 40499985 bytes
->Flash cache emptied: 8114643 bytes
 
User: Pictures
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 208 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50498 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 52,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12242011_101652

Files\Folders moved on Reboot...
C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
5. Superantispyware Scan durchgeführt:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/24/2011 at 11:24 AM

Application Version : 5.0.1142

Core Rules Database Version : 8087
Trace Rules Database Version: 5899

Scan type      : Complete Scan
Total Scan Time : 00:53:32

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 712
Memory threats detected  : 0
Registry items scanned    : 71502
Registry threats detected : 0
File items scanned        : 55671
File threats detected    : 1

Trojan.Agent/Gen-Sisproc
        D:\BG\BGII - SOA\BIG WORLD DOWNLOADS\DEFJAM_V6.EXE
7. ESET Online scan laufen gelasse - nichts gefunden

8. OTL nochmals mit den von dir genannten Einstellungen laufen gelassen. Dabei kam aber nur das OTL log heraus. Kein Extra log.
Code:
OTL logfile created on: 24.12.2011 15:07:37 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Peter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 48,40% Memory free
8,00 Gb Paging File | 5,93 Gb Available in Paging File | 74,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 105,10 Gb Total Space | 4,76 Gb Free Space | 4,53% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 4,71 Gb Free Space | 10,73% Space Free | Partition Type: NTFS
Drive E: | 111,78 Gb Total Space | 58,71 Gb Free Space | 52,52% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 1,27 Gb Free Space | 34,10% Space Free | Partition Type: NTFS
 
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.22 14:19:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.12.22 12:47:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.10.24 13:57:25 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.10.14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2010.09.05 21:06:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.22 18:15:43 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.12.22 14:19:45 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.08.09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.12.20 10:36:04 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2011.12.20 10:35:15 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010.11.08 12:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010.09.08 20:46:00 | 003,852,792 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.09.05 21:06:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.21 16:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.09.21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.20 10:35:17 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011.09.11 18:45:22 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011.04.13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.04.12 12:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 13:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011.02.22 13:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011.02.22 13:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.05 21:06:13 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.04.29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009.12.11 00:43:53 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.10.30 04:09:03 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.10.30 04:09:00 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.09.15 12:34:20 | 006,816,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.11 12:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008.08.11 12:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2007.03.28 07:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
DRV:64bit: - [2006.11.18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.11 12:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -- (LMIInfo)
DRV - [2005.01.03 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 31 1F C7 EC B1 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..network.proxy.http: "137.226.138.156"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIE6C2~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIE6C2~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3-rc: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.22 14:19:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.13 22:07:55 | 000,000,000 | ---D | M]
 
[2009.10.30 02:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions
[2011.12.23 18:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2pgd8y4e.default\extensions
[2011.12.08 23:08:55 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2pgd8y4e.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011.04.05 02:33:52 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2pgd8y4e.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2010.09.05 21:09:10 | 000,000,000 | ---D | M] (CookieSafe) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2pgd8y4e.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
[2011.07.05 22:25:35 | 000,000,000 | ---D | M] ("FacebookBlocker") -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2pgd8y4e.default\extensions\facebookBlocker@webgraph.com
[2011.12.22 15:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.29 19:30:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.22 15:04:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2PGD8Y4E.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.12.22 14:19:45 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.20 03:03:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.20 03:03:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.20 03:03:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.20 03:03:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2009.11.16 21:25:14 | 000,000,863 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      www.newsleecher.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIE6C2~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ABAC106-146A-41C0-AF0C-D84549F12A95}: DhcpNameServer = 195.50.140.118 195.50.140.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4A4A2F8-9C69-4EB0-BB85-29558E84B414}: NameServer = 195.50.140.118 195.50.140.180
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.24 10:29:59 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.24 10:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.24 10:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.24 10:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.24 10:16:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.22 20:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.22 20:05:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Peter\Desktop\esetsmartinstaller_enu.exe
[2011.12.22 19:02:21 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Users\Peter\Desktop\aswMBR.exe
[2011.12.22 18:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.22 16:27:47 | 004,348,461 | ---- | C] (Swearware) -- C:\Users\Peter\Desktop\ComboFix.exe
[2011.12.22 15:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.22 15:04:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.12.22 15:04:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.12.22 15:04:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.12.22 14:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.12.22 14:56:44 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Secunia PSI
[2011.12.22 14:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2011.12.22 12:47:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2011.12.22 12:44:59 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2011.12.22 12:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.22 12:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.22 12:44:47 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.22 12:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.22 12:19:06 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.12.22 12:18:50 | 000,000,000 | -HSD | C] -- C:\Users\Peter\AppData\Local\edbc5963
[2011.12.21 11:03:07 | 000,000,000 | ---D | C] -- C:\ElsterFormular
[2011.12.17 23:06:30 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\dvdcss
[2011.12.15 22:40:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AKVIS
[2011.12.15 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.15 22:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AKVIS
[2011.12.15 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AKVIS
[2011.12.14 14:13:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.14 14:13:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.14 14:13:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.14 14:13:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.14 14:13:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.14 14:13:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.14 14:13:38 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.14 14:13:38 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.12.14 14:13:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.12.14 14:13:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.14 14:13:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.14 10:56:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.14 10:55:56 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.14 10:55:56 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.08 23:08:25 | 000,000,000 | ---D | C] -- C:\Users\Peter\ElsterFormular
[2011.12.08 21:10:04 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\elsterformular
[2011.12.08 21:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2011.12.08 21:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.12.08 21:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.12.04 11:39:51 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Elo
[2011.12.04 11:30:50 | 000,887,808 | ---- | C] (ELO Digital Office GmbH) -- C:\Windows\SysNative\EloPrinterX64Cfg.dll
[2011.12.04 11:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ELOoffice
[2011.12.04 11:28:45 | 000,600,064 | ---- | C] (ELO Digital Office GmbH) -- C:\Windows\SysWow64\ELOHTML.ocx
[2011.12.04 11:28:45 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL
[2011.12.04 11:28:43 | 001,347,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm50.dll
[2011.12.04 11:28:43 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\threed.vbx
[2011.12.04 11:28:43 | 000,026,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc16gt.dll
[2011.12.04 11:28:43 | 000,011,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.cpl
[2011.12.04 11:28:42 | 000,253,952 | ---- | C] (Apex Software Corporation) -- C:\Windows\SysWow64\grdkrn32.dll
[2011.12.04 11:28:42 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ds16gt.dll
[2011.12.04 11:28:40 | 000,385,100 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCRTD.DLL
[2011.12.04 11:28:36 | 000,929,844 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC42D.DLL
[2011.12.04 11:28:36 | 000,322,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC30.DLL
[2011.12.04 11:26:46 | 001,248,768 | ---- | C] (Softek Software Ltd) -- C:\Windows\SysWow64\SoftekBarcode.dll
[2011.12.04 11:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ELOoffice
[2011.12.04 11:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ELO Digital Office
[2011.12.02 23:20:37 | 000,000,000 | R--D | C] -- C:\Users\Peter\Dropbox
[2011.12.02 23:19:21 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.02 23:11:01 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Dropbox
[2011.11.26 12:31:49 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Scans
[2011.11.26 12:29:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011.11.26 12:29:01 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Canon
[2011.03.24 23:05:42 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.24 11:35:36 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.24 11:35:36 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.24 11:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.24 11:27:13 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.24 10:25:03 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.24 09:35:25 | 090,827,720 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011.12.23 15:23:31 | 000,002,002 | -H-- | M] () -- C:\Users\Peter\Documents\Default.rdp
[2011.12.22 22:34:54 | 000,018,141 | ---- | M] () -- C:\Users\Peter\Desktop\OTL.zip
[2011.12.22 22:20:59 | 000,000,188 | ---- | M] () -- C:\Users\Peter\defogger_reenable
[2011.12.22 21:00:36 | 000,050,477 | ---- | M] () -- C:\Users\Peter\Desktop\Defogger.exe
[2011.12.22 20:05:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Peter\Desktop\esetsmartinstaller_enu.exe
[2011.12.22 20:05:36 | 000,000,512 | ---- | M] () -- C:\Users\Peter\Desktop\MBR.dat
[2011.12.22 19:02:35 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Users\Peter\Desktop\aswMBR.exe
[2011.12.22 18:18:11 | 000,001,258 | ---- | M] () -- C:\Users\Peter\Desktop\Spybot - Search & Destroy.lnk
[2011.12.22 18:15:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.12.22 16:28:23 | 004,348,461 | ---- | M] (Swearware) -- C:\Users\Peter\Desktop\ComboFix.exe
[2011.12.22 14:56:37 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.12.22 14:53:57 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.22 14:15:56 | 000,196,608 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.12.22 12:47:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2011.12.22 12:44:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.21 11:10:34 | 000,001,476 | ---- | M] () -- C:\Users\Peter\Desktop\2006.06
[2011.12.21 11:03:48 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular 2006-2007.lnk
[2011.12.20 10:35:17 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2011.12.20 10:35:16 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2011.12.20 10:35:16 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2011.12.19 12:23:06 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.19 12:23:06 | 000,654,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.19 12:23:06 | 000,616,030 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.19 12:23:06 | 000,130,028 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.19 12:23:06 | 000,106,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.16 21:14:42 | 000,002,125 | ---- | M] () -- C:\Users\Peter\Desktop\Peter 2008.08
[2011.12.15 22:40:06 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\AKVIS Sketch.lnk
[2011.12.15 13:33:57 | 000,171,924 | ---- | M] () -- C:\Users\Peter\Desktop\Mail Slip - 170723495493.pdf
[2011.12.14 17:15:44 | 000,351,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.08 22:05:07 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular 2008-2009.lnk
[2011.12.08 21:18:03 | 000,004,153 | ---- | M] () -- C:\Users\Peter\Documents\ESt2009_Venne_Peter.elfo
[2011.12.08 21:02:02 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.12.08 08:03:06 | 000,000,997 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.08 08:03:05 | 000,001,017 | ---- | M] () -- C:\Users\Peter\Desktop\Dropbox.lnk
[2011.12.04 11:32:14 | 000,008,608 | ---- | M] () -- C:\Windows\SysWow64\sx_p2d.tlb
[2011.12.04 11:29:44 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\ELOoffice.lnk
[2011.12.04 11:28:53 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011.12.04 11:26:33 | 000,000,000 | ---- | M] () -- C:\Windows\FULINST.INI
[2011.12.02 20:13:12 | 000,112,216 | ---- | M] () -- C:\Users\Peter\Desktop\KHT_Bescheinigung.pdf
[2011.11.29 21:48:55 | 001,011,182 | ---- | M] () -- C:\Users\Peter\Desktop\9363652.pdf
[2011.11.29 13:56:56 | 001,788,147 | ---- | M] () -- C:\Users\Peter\Desktop\Arbeitszeugnis EXG.pdf
[2011.11.29 13:45:04 | 005,988,121 | ---- | M] () -- C:\Users\Peter\Desktop\PeterV - Unterlagen.pdf
[2011.11.26 12:24:00 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2011.11.24 21:23:38 | 000,107,781 | ---- | M] () -- C:\Users\Peter\Desktop\Lebenslauf - 2011 - Rev1.pdf
 
========== Files Created - No Company Name ==========
 
[2011.12.24 10:25:03 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.22 22:34:54 | 000,018,141 | ---- | C] () -- C:\Users\Peter\Desktop\OTL.zip
[2011.12.22 22:20:59 | 000,000,188 | ---- | C] () -- C:\Users\Peter\defogger_reenable
[2011.12.22 21:00:35 | 000,050,477 | ---- | C] () -- C:\Users\Peter\Desktop\Defogger.exe
[2011.12.22 20:05:36 | 000,000,512 | ---- | C] () -- C:\Users\Peter\Desktop\MBR.dat
[2011.12.22 18:18:11 | 000,001,258 | ---- | C] () -- C:\Users\Peter\Desktop\Spybot - Search & Destroy.lnk
[2011.12.22 14:56:37 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.12.22 14:56:37 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.12.22 14:53:57 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.22 12:44:51 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.21 11:10:34 | 000,001,476 | ---- | C] () -- C:\Users\Peter\Desktop\2006.06
[2011.12.21 11:03:48 | 000,000,730 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular 2006-2007.lnk
[2011.12.16 12:04:17 | 000,002,125 | ---- | C] () -- C:\Users\Peter\Desktop\Peter 2008.08
[2011.12.15 22:40:05 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\AKVIS Sketch.lnk
[2011.12.15 13:33:57 | 000,171,924 | ---- | C] () -- C:\Users\Peter\Desktop\Mail Slip - 170723495493.pdf
[2011.12.08 22:05:07 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular 2008-2009.lnk
[2011.12.08 21:17:59 | 000,004,153 | ---- | C] () -- C:\Users\Peter\Documents\ESt2009_Venne_Peter.elfo
[2011.12.08 21:02:02 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.12.04 11:32:14 | 000,008,608 | ---- | C] () -- C:\Windows\SysWow64\sx_p2d.tlb
[2011.12.04 11:29:44 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\ELOoffice.lnk
[2011.12.04 11:28:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.12.04 11:28:45 | 000,350,208 | ---- | C] () -- C:\Windows\SysWow64\EloOpenOffice.dll
[2011.12.04 11:28:45 | 000,163,160 | ---- | C] () -- C:\Windows\SysWow64\ELOComRes.dll
[2011.12.04 11:28:42 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\fteh006n.dll
[2011.12.04 11:26:33 | 000,000,000 | ---- | C] () -- C:\Windows\FULINST.INI
[2011.12.02 23:20:37 | 000,001,017 | ---- | C] () -- C:\Users\Peter\Desktop\Dropbox.lnk
[2011.12.02 23:19:32 | 000,000,997 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.02 20:12:51 | 000,112,216 | ---- | C] () -- C:\Users\Peter\Desktop\KHT_Bescheinigung.pdf
[2011.11.29 21:48:49 | 001,011,182 | ---- | C] () -- C:\Users\Peter\Desktop\9363652.pdf
[2011.11.29 13:56:53 | 001,788,147 | ---- | C] () -- C:\Users\Peter\Desktop\Arbeitszeugnis EXG.pdf
[2011.11.29 13:43:16 | 005,988,121 | ---- | C] () -- C:\Users\Peter\Desktop\PeterV - Unterlagen.pdf
[2011.11.26 12:24:00 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2011.11.24 21:18:51 | 000,107,781 | ---- | C] () -- C:\Users\Peter\Desktop\Lebenslauf - 2011 - Rev1.pdf
[2011.09.28 04:44:27 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.09.28 04:42:38 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.07.02 19:18:19 | 000,000,600 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\winscp.rnd
[2011.05.26 02:51:13 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.05.26 02:51:13 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.05.26 02:50:54 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.24 23:05:43 | 000,139,776 | ---- | C] () -- C:\Windows\SysWow64\UserEdit.dll
[2011.03.24 23:05:21 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\pg32conv.dll
[2011.03.24 23:05:19 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\tempautoupsys.exe
[2011.03.24 23:05:17 | 000,786,432 | ---- | C] () -- C:\Windows\SysWow64\QXSync.exe
[2010.12.09 04:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.11.20 05:10:31 | 000,000,877 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\coreavc.ini
[2009.10.30 03:00:23 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.10.30 02:57:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.30 02:50:35 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2009.10.30 02:49:59 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.10.30 02:49:59 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== LOP Check ==========
 
[2010.09.30 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\.minecraft
[2011.09.02 19:30:37 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Ahnenblatt
[2011.07.09 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\avidemux
[2011.08.22 02:43:38 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\calibre
[2010.09.17 12:37:39 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canneverbe Limited
[2011.11.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canon
[2011.12.24 09:46:26 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DAEMON Tools Lite
[2011.01.16 23:22:37 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DirectoryListPrintPro
[2011.12.24 11:29:07 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Dropbox
[2011.02.10 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.08 21:10:05 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\elsterformular
[2010.09.06 15:52:49 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GrabIt
[2011.08.07 21:56:41 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\gtk-2.0
[2009.10.30 02:58:30 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\IrfanView
[2010.09.14 16:27:45 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\LolClient
[2010.09.08 02:48:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\mkvtoolnix
[2010.10.02 02:57:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\My Games
[2009.11.16 21:45:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\NewsLeecher
[2011.01.16 23:52:43 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Personal Video Database
[2010.09.10 02:57:14 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SharePod
[2011.06.04 19:25:05 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TeamViewer
[2010.09.07 13:01:06 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Teleca
[2011.12.24 09:46:25 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\uTorrent
[2011.12.22 08:45:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
9. Den Punkt verstehe ich nicht. Soll ich combofix ausführen? Bislang habe ich diesbezüglich immer den "Mach das bloß nicht einfach so" disclaimer gesehen.

Vielen Dank schon mal! Ich hoffe wir kommen dem Problem "näher" :applaus:

kira 27.12.2011 06:07
Zitat:
Zitat von Hedonist (Beitrag 741772)

9. Den Punkt verstehe ich nicht. Soll ich combofix ausführen? Bislang habe ich diesbezüglich immer den "Mach das bloß nicht einfach so" disclaimer gesehen.
ja, das stimmt. allerdings ist schon auf dein Rechner installiert...hast Du es laufen lassen, wenn ja, das Protokoll möchte ich sehen

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Hedonist 27.12.2011 08:37
Installiert habe ich combo fix, aber eben nur installiert.

Grundsätzlich läuft das System stabil ohne irgendwelche Probleme.

aswMBR und AVG melden jedoch weiterhin

C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen

****Update: Ich konnte nun mit AVG die consrv.dll in die Quarantäne verschieben

Also soll ich combo fix anwerfen? Irgendwelche Einstellungen beachten?

Danke,
Hedonist

:heilig:

kira 28.12.2011 04:18
ComboFix liegt auf dein Desktop? dann mußt nochmal es nicht herunterladen, sondern nur starten:

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
:OTL
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..network.proxy.http: "137.226.138.156"
FF - prefs.js..network.proxy.http_port: 3128
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
:Commands
[purity]
[emptytemp]

2.
Vor dem nächsten Schritt, also bevor wir weitermachen:
Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw)
Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks
Mache das jetzt bitte!

3.
Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows 2000 (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise
  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte vorher fragen.
  • Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP
  • Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
  • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
    Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
  • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131