Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundespolizei Trojaner/ Vista (https://www.trojaner-board.de/111530-bundespolizei-trojaner-vista.html)

Sasasasa 14.03.2012 23:38
Bundespolizei Trojaner/ Vista
 
Hallo zusammen,

ich hab ein riesen Problem mit dem bekannten Bundespolizei trojaner.
Über die Suchfunktion habe ich schon viel gelesen und viel probiert nur bin ich einfach am verzweifeln.

Ich hab als allererstes mit AntiV Rescue gearbeitet dann mir Kaspersky10 und trotzdem ist das Ding noch drauf. Über Google habe ich dann von der Shell Datei erfahren welche explorer.exe als Pfad haben muss. Dies ist bei mir schon drin gestanden. Abgesicherter Modus funktioniert bei mir ich lasse jetzt grad den Scan mit ESET laufen. hab absolut keine Ahnung was ich da genau machen ich befolge einfach die Schritte welche hier drin stehen wenn man einen Threat eröffnet.

Ich würde ja das System platt machen aber das wäre für mich eine Katastrophe. Es sind sehr wichtige Sachen drauf.

Habt ihr mir ne Lösung?

Sasasasa 15.03.2012 07:55
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=26e54181737e6a4ba991611a6926da21
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-14 11:14:39
# local_time=2012-03-15 12:14:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 94 346852 68301044 860670 0
# compatibility_mode=5892 16776573 100 100 80197333 169296951 0 0
# compatibility_mode=8192 67108863 100 0 3726 3726 0 0
# scanned=103254
# found=5
# cleaned=0
# scan_time=2655
C:\Users\User\AppData\Local\Temp\Inc.class        a variant of Java/Exploit.CVE-2011-3544.BA trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4f0f87ae-599ebc14        a variant of Java/Exploit.CVE-2011-3544.BA trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\User\Downloads\SoftonicDownloader_fuer_solid-converter-pdf.exe        a variant of Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
C:\Users\User\Downloads\SweetImSetup.exe        a variant of Win32/SweetIM.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\User\Local Settings\Temp\msbiuflj.scr        Win32/TrojanDownloader.Agent.RAG trojan (unable to clean)        00000000000000000000000000000000        I

Sasasasa 15.03.2012 13:37
Hi nochmal, ich habe jetzt OTLPE durchlaufen lassen den Text welchen man bei Scan/Fixes eingibt eingegeben. So nun ist es abgeschlossen aber ich kann unter Reatogo kein USB Stick anschließen um die Daten drauf zu safen. es wird nix erkannt?

Was soll ich denn nun machen?

Internet Zugang über den Infizierten-Rechner bekomme ich auch nicht hin.

Sasasasa 15.03.2012 18:07
Code:
OTL logfile created on: 3/15/2012 6:55:57 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 166.02 Gb Total Space | 165.68 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive G: | 169.33 Gb Total Space | 111.27 Gb Free Space | 65.71% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/02/27 15:24:32 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto] -- G:\Windows\Installer\MSI599F.tmp -- (SCPDFReadSpool)
SRV - [2012/01/13 09:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto] -- G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/28 16:58:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 10:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/05/04 07:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto] -- G:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- G:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/09/18 04:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- G:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/12/10 10:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- G:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/28 16:58:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 16:58:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- G:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- G:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/11/18 12:26:40 | 000,103,552 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\gtstusbser.sys -- (gtstusbser)
DRV - [2008/04/24 08:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/02/10 00:41:08 | 002,377,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/01/25 20:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- G:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007/01/25 20:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- G:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006/12/27 11:41:00 | 000,245,248 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2006/11/10 09:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/10/30 18:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- G:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - G:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\User_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\User_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\User_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\User_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 14 53 56 A9 60 CB 01  [binary data]
IE - HKU\User_ON_G\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\User_ON_G\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - G:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\User_ON_G\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - G:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\User_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\User_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: G:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: G:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: G:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: G:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 12:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/04 13:59:51 | 000,000,000 | ---D | M]
 
[2011/12/04 13:59:52 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files\Mozilla Firefox\extensions
[2012/02/20 12:10:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- G:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/15 10:58:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/07 16:47:06 | 000,001,392 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/07 16:47:06 | 000,002,252 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/07 16:47:06 | 000,001,153 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/07 16:47:06 | 000,006,805 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/07 16:47:06 | 000,001,178 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/07 16:47:06 | 000,001,105 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - G:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - G:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - G:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - G:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - G:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\User_ON_G\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - G:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\User_ON_G\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - G:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] G:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] G:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] G:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] G:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SweetIM] G:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] G:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] G:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_G..\Run: [WindowsWelcomeCenter] G:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_G..\Run: [WindowsWelcomeCenter] G:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\User_ON_G..\Run: []  File not found
O4 - HKU\User_ON_G..\Run: [GMX_GMX MultiMessenger] G:\Program Files\GMX\GMX MultiMessenger\MESSENGR.EXE (GMX GmbH)
O4 - HKU\User_ON_G..\Run: [MyWirelessCard] G:\Program Files\Mobile Partner Manager\iCON 210\Mobile Partner Manager.exe ()
O4 - HKU\User_ON_G..\Run: [StartCCC] G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\User_ON_G..\RunOnce: [FlashPlayerUpdate] G:\Windows\System32\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: Error locating startup folders.
F3 - HKU\User_ON_G WinNT: Load - (C:\Users\User\LOCALS~1\Temp\msbiuflj.scr) - G:\Users\User\Local Settings\Temp\msbiuflj.scr (Free Software Foundation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\User_ON_G Winlogon: Shell - (Explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/15 14:47:58 | 000,000,000 | ---D | C] -- G:\_OTL
[2012/03/14 18:28:17 | 000,000,000 | ---D | C] -- G:\Program Files\ESET
[2012/03/10 16:07:51 | 000,000,000 | ---D | C] -- G:\Users\User\AppData\Roaming\Malwarebytes
[2012/03/10 16:07:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2012/03/10 16:07:46 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/10 16:07:46 | 000,000,000 | ---D | C] -- G:\Program Files\Malwarebytes' Anti-Malware
[2012/03/10 16:07:46 | 000,000,000 | ---D | C] -- G:\ProgramData\Malwarebytes
[2012/03/04 18:53:00 | 000,000,000 | ---D | C] -- G:\Users\User\AppData\Roaming\kodak
[2012/03/02 16:39:06 | 000,000,000 | ---D | C] -- G:\Users\User\Desktop\Neuer Ordner (2)
[2012/03/02 16:03:06 | 000,000,000 | ---D | C] -- G:\Users\User\Desktop\Neuer Ordner
[2012/02/27 15:28:26 | 000,000,000 | ---D | C] -- G:\Program Files\MSECache
[2012/02/27 15:27:12 | 000,000,000 | ---D | C] -- G:\Users\User\AppData\Roaming\SolidDocuments
[2012/02/27 15:24:32 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidDocuments
[2012/02/27 15:24:27 | 000,000,000 | ---D | C] -- G:\Program Files\SolidDocuments
[2012/02/27 15:24:19 | 000,000,000 | ---D | C] -- G:\ProgramData\SolidDocuments
[2012/02/27 15:23:41 | 026,687,304 | ---- | C] (Solid Documents, LLC) -- G:\Users\User\Desktop\solidconverterpdf_7.1.exe
[2011/06/17 18:37:05 | 000,109,354 | ---- | C] (Microsoft Corporation) -- G:\Users\User\AppData\Roaming\MSWINSCK.OCX
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/15 07:43:55 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2012/03/14 18:27:10 | 000,617,382 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2012/03/14 18:27:10 | 000,586,568 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2012/03/14 18:27:10 | 000,122,246 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2012/03/14 18:27:10 | 000,100,640 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2012/03/14 18:00:41 | 000,003,760 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 18:00:41 | 000,003,760 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 18:00:40 | 000,000,012 | ---- | M] () -- G:\Windows\bthservsdp.dat
[2012/03/14 17:55:40 | 000,001,090 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 17:55:30 | 000,150,792 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2012/03/14 10:35:49 | 000,001,094 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/10 16:07:47 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/07 10:20:36 | 000,000,680 | ---- | M] () -- G:\Users\User\AppData\Local\d3d9caps.dat
[2012/02/27 15:24:32 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidDocuments
[2012/02/27 15:24:12 | 026,687,304 | ---- | M] (Solid Documents, LLC) -- G:\Users\User\Desktop\solidconverterpdf_7.1.exe
 
========== Files Created - No Company Name ==========
 
[2012/02/27 15:24:35 | 000,027,976 | ---- | C] () -- G:\Windows\System32\solidlocalmon.dll
[2012/02/27 15:24:35 | 000,019,272 | ---- | C] () -- G:\Windows\System32\solidlocalui.dll
[2010/10/10 19:51:43 | 000,000,056 | -H-- | C] () -- G:\ProgramData\ezsidmv.dat
[2010/09/13 13:26:16 | 000,000,400 | ---- | C] () -- G:\Windows\ODBC.INI
[2010/09/13 09:16:36 | 000,000,606 | ---- | C] () -- G:\Windows\hpomdl46.dat.temp
[2010/09/13 08:44:40 | 000,225,761 | ---- | C] () -- G:\Windows\hpoins46.dat
[2010/01/29 10:07:14 | 000,001,514 | ---- | C] () -- G:\Windows\Mobile Partner Manager.INI
[2009/12/22 12:06:34 | 001,970,176 | ---- | C] () -- G:\Windows\System32\d3dx9.dll
[2009/12/17 05:45:45 | 000,007,168 | ---- | C] () -- G:\Windows\System32\drivers\StarOpen.sys
[2009/12/05 07:28:18 | 000,000,534 | ---- | C] () -- G:\Windows\eReg.dat
[2009/11/16 18:10:45 | 000,097,360 | ---- | C] () -- G:\Windows\System32\drivers\Fwusb1b.bin
[2009/11/15 16:15:46 | 000,000,012 | ---- | C] () -- G:\Windows\bthservsdp.dat
[2009/11/15 16:07:42 | 000,022,528 | ---- | C] () -- G:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/16 14:08:21 | 000,000,680 | ---- | C] () -- G:\Users\User\AppData\Local\d3d9caps.dat
[2009/08/16 13:59:50 | 000,150,792 | ---- | C] () -- G:\Windows\System32\FNTCACHE.DAT
[2009/06/10 23:02:28 | 000,000,606 | ---- | C] () -- G:\Windows\hpomdl46.dat
[2009/04/11 12:54:15 | 000,290,748 | ---- | C] () -- G:\Windows\System32\perfi007.dat
[2009/04/11 12:54:14 | 000,617,382 | ---- | C] () -- G:\Windows\System32\perfh007.dat
[2009/04/11 12:54:14 | 000,122,246 | ---- | C] () -- G:\Windows\System32\perfc007.dat
[2009/04/11 12:54:14 | 000,036,916 | ---- | C] () -- G:\Windows\System32\perfd007.dat
[2009/04/11 09:18:12 | 000,107,612 | ---- | C] () -- G:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 09:18:12 | 000,018,904 | ---- | C] () -- G:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 09:18:11 | 000,117,248 | ---- | C] () -- G:\Windows\System32\EhStorAuthn.dll
[2007/02/10 00:32:12 | 000,159,744 | ---- | C] () -- G:\Windows\System32\atitmmxx.dll
[2007/02/10 00:07:38 | 003,107,788 | ---- | C] () -- G:\Windows\System32\atiumdva.dat
[2007/02/05 20:03:02 | 000,146,037 | ---- | C] () -- G:\Windows\System32\atiicdxx.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- G:\Windows\bootstat.dat
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- G:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,586,568 | ---- | C] () -- G:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- G:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,100,640 | ---- | C] () -- G:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- G:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- G:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- G:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- G:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- G:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- G:\Windows\System32\mlang.dat
[2006/03/06 04:41:02 | 000,073,728 | ---- | C] () -- G:\Windows\System32\AMV_DecDLL.dll
 
========== LOP Check ==========
 
[2009/08/16 14:06:35 | 000,000,000 | -HSD | M] -- G:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- G:\ProgramData\Application Data
[2009/12/17 05:45:56 | 000,000,000 | ---D | M] -- G:\ProgramData\Canneverbe Limited
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- G:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- G:\ProgramData\Documents
[2009/08/16 14:06:35 | 000,000,000 | -HSD | M] -- G:\ProgramData\Dokumente
[2009/08/16 14:06:35 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favorites
[2010/05/28 12:59:35 | 000,000,000 | ---D | M] -- G:\ProgramData\GMX
[2011/03/29 12:19:12 | 000,000,000 | ---D | M] -- G:\ProgramData\MumboJumbo
[2012/02/27 15:24:19 | 000,000,000 | ---D | M] -- G:\ProgramData\SolidDocuments
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- G:\ProgramData\Start Menu
[2009/08/16 14:06:35 | 000,000,000 | -HSD | M] -- G:\ProgramData\Startmenü
[2010/12/09 14:25:14 | 000,000,000 | ---D | M] -- G:\ProgramData\SweetIM
[2011/12/18 14:34:00 | 000,000,000 | ---D | M] -- G:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- G:\ProgramData\Templates
[2009/08/16 14:06:35 | 000,000,000 | -HSD | M] -- G:\ProgramData\Vorlagen
[2011/05/31 18:17:12 | 000,000,000 | ---D | M] -- G:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/14 18:00:40 | 000,032,586 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> G:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 129 bytes -> G:\ProgramData\TEMP:4673E9EA
< End of report >

Sasasasa 15.03.2012 19:49
hier der Rest. Sorry das ich das alles so kompliziert mach aber ich bin ein absoluter null blicker bezüglich ZIP und Posts zusammenfügen...Sorry ...aber hoffentlich hab ich nun alles komplett und kann mit eurer Hilfe rechnen...


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.DDS Logfile:
Code:
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 16.08.2009 20:03:55
System Uptime: 15.03.2012 19:02:15 (0 hours ago)
.
Motherboard: MEDIONPC |  | MS-7327
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 169 GiB total, 111,148 GiB free.
D: is FIXED (NTFS) - 166 GiB total, 165,675 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0015
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #6
PNP Device ID: ROOT\*ISATAP\0015
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0017
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #7
PNP Device ID: ROOT\*ISATAP\0017
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 4.65
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2 - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AutoUpdate
AV Voice Changer Software DIAMOND 5.0
Avira AntiVir Personal - Free Antivirus
Big Fish Games Client
Bonjour
BufferChm
Burn4Free CD & DVD 4.9.0.0
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization German
ccc-core-static
ccc-utility
CCC Help German
CDBurnerXP
Cheat Engine 5.5
Compatibility Pack für 2007 Office System
Copy
Destinations
DeviceDiscovery
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DJ_AIO_06_F4500_SW_MIN
DVDVideoSoftTB Toolbar
ESET Online Scanner v3
F4500
Free Audio CD Burner version 1.4.7
Free DVD Video Burner version 3.1.815
Free M4a to MP3 Converter 7.0
Free Studio version 4.2
Free YouTube to MP3 Converter version 3.10.8.815
GMX MultiMessenger
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
H.264 Decoder
Hama Webcam Suite
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iCON 210
ImgBurn
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes Anti-Malware Version 1.60.1.1000
MarketResearch
Media Player Utilities 4.25
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Midnight Mysteries Edgar Allan Poe Conspiracy
Midnight Mysteries Salem Witch Trials
MKV Splitter
Mozilla Firefox 10.0.2 (x86 de)
MSVCRT
Mystery Case Files: Huntsville ™
Mystery Case Files: Prime Suspects ™
Nero 10 Movie ThemePack Basic
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Network
PriceGong 2.1.0
QuickTime
RarZilla Free Unrar
Realtek High Definition Audio Driver
Scan
Shop for HP Supplies
SimCity 4 Deluxe
Skins
Skype™ 4.2
Solid Converter PDF
SolutionCenter
Status
SweetIM for Messenger 3.3
SweetIM Toolbar for Internet Explorer 4.0
Toolbox
TrayApp
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053
VLC media player 0.9.8a
WebReg
Winamp
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus 2.9.8
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18813  BrowserJavaVersion: 1.6.0_23
Run by User at 19:17:10 on 2012-03-15
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1919.1418 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
mWinlogon: Userinit=Userinit.exe,
uWindows: Load=c:\users\user\locals~1\temp\msbiuflj.scr
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MyWirelessCard] c:\program files\mobile partner manager\icon 210\Mobile Partner Manager.exe
uRun: [GMX_GMX MultiMessenger] "c:\program files\gmx\gmx multimessenger\MESSENGR.EXE" /hide
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [AVMWlanClient] c:\program files\avmwlanstick\FRITZWLANMini.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to AMV/AVI Video Converter... - c:\program files\media player utilities 4.25\amvconverter\grab.html
IE: Free YouTube to MP3 Converter - c:\users\user\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3B6191FE-86F4-4FC7-978D-0A4A24109371} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: ccc-core-static - msiexec /fums {08D864D1-9CAD-7D21-AAB6-4B9E3BC8D1A5} /qb
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\rw3p2rxl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: c:\program files\pricegong\2.1.0\ff\components\PriceGongFF.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\rw3p2rxl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\rw3p2rxl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\user\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2009-11-16 265088]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-5-1 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-1 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-1 66616]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-10 652360]
S2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\installer\MSI599F.tmp [2012-2-27 180552]
S2 uCamMonitor;CamMonitor;c:\program files\hama\hama webcam suite\magic-i visual effects 2\uCamMonitor.exe [2010-9-24 104960]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-9-24 17920]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-11-16 4352]
S3 gtstusbser;Option210 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\gtstusbser.sys [2010-1-29 103552]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-10 20464]
S3 rt70x86;ASUS RT2500 USB Wireless LAN Driver;c:\windows\system32\drivers\netr70.sys [2006-12-27 245248]
.
=============== Created Last 30 ================
.
2012-03-15 18:47:58        --------        d-----w-        C:\_OTL
2012-03-14 22:28:17        --------        d-----w-        c:\program files\ESET
2012-03-10 20:07:51        --------        d-----w-        c:\users\user\appdata\roaming\Malwarebytes
2012-03-10 20:07:46        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-10 20:07:46        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-10 20:07:46        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-04 22:53:00        --------        d-----w-        c:\users\user\appdata\roaming\kodak
2012-02-27 19:28:26        --------        d-----w-        c:\program files\MSECache
2012-02-27 19:27:12        --------        d-----w-        c:\users\user\appdata\roaming\SolidDocuments
2012-02-27 19:24:35        27976        ----a-w-        c:\windows\system32\solidlocalmon.dll
2012-02-27 19:24:35        19272        ----a-w-        c:\windows\system32\solidlocalui.dll
2012-02-27 19:24:27        --------        d-----w-        c:\program files\SolidDocuments
2012-02-27 19:24:19        --------        d-----w-        c:\programdata\SolidDocuments
.
==================== Find3M  ====================
.
.
============= FINISH: 19:17:46,43 ===============
--- --- ---

Larusso 18.03.2012 04:33
:hallo:

Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  • Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
  • Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.



Starte den Rechner bitte in den abgesicherten Modus mit Netzwerkunterstützung.



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Sasasasa 18.03.2012 11:15
Combofix Logfile:
Code:
ComboFix 12-03-17.01 - User 18.03.2012  12:05:05.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1919.1037 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Roaming\MSWINSCK.OCX
c:\windows\system32\odbcad32.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-18 bis 2012-03-18  ))))))))))))))))))))))))))))))
.
.
2012-03-18 11:09 . 2012-03-18 11:10        --------        d-----w-        c:\users\User\AppData\Local\temp
2012-03-18 11:09 . 2012-03-18 11:09        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-15 18:47 . 2012-03-15 18:47        --------        d-----w-        C:\_OTL
2012-03-14 22:28 . 2012-03-14 22:28        --------        d-----w-        c:\program files\ESET
2012-03-10 20:07 . 2012-03-10 20:07        --------        d-----w-        c:\users\User\AppData\Roaming\Malwarebytes
2012-03-10 20:07 . 2012-03-10 20:07        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-10 20:07 . 2012-03-10 20:07        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-10 20:07 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-04 22:53 . 2012-03-04 23:47        --------        d-----w-        c:\users\User\AppData\Roaming\kodak
2012-02-27 19:28 . 2012-02-27 19:28        --------        d-----w-        c:\program files\MSECache
2012-02-27 19:27 . 2012-02-27 19:27        --------        d-----w-        c:\users\User\AppData\Roaming\SolidDocuments
2012-02-27 19:24 . 2011-10-21 01:21        19272        ----a-w-        c:\windows\system32\solidlocalui.dll
2012-02-27 19:24 . 2011-10-21 01:21        27976        ----a-w-        c:\windows\system32\solidlocalmon.dll
2012-02-27 19:24 . 2012-02-27 19:24        --------        d-----w-        c:\program files\SolidDocuments
2012-02-27 19:24 . 2012-02-27 19:24        --------        d-----w-        c:\programdata\SolidDocuments
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 16:10 . 2011-12-04 17:59        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-10-18 138552]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08        2393184        ----a-w-        c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-10-18 16:28        1485112        ----a-r-        c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MyWirelessCard"="c:\program files\Mobile Partner Manager\iCON 210\Mobile Partner Manager.exe" [2008-11-28 974848]
"GMX_GMX MultiMessenger"="c:\program files\GMX\GMX MultiMessenger\MESSENGR.EXE" [2009-10-16 5031336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-10 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-12 6965792]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-12 1833504]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 283136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-10-13 111928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3311655658-669025925-877886368-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - PXLDAPOW
*Deregistered* - pxldapow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
HPService        REG_MULTI_SZ          HPSLPSVC
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 23:48]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 23:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.25\AMVConverter\grab.html
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rw3p2rxl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_ActiveSetup-ccc-core-static - msiexec
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-18 12:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI599F.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-03-18  12:11:32
ComboFix-quarantined-files.txt  2012-03-18 11:11
.
Vor Suchlauf: 11 Verzeichnis(se), 119.548.592.128 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 123.639.980.032 Bytes frei
.
- - End Of File - - 97E8B8D6F2FC6E626475E072033E4C1C
--- --- ---

Larusso 18.03.2012 15:03
Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:
FireFox::
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rw3p2rxl.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
Reboot::
Speichere dies als CFScript.txt auf deinem Desktop.
Wichtig:
  • Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern. Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher, dass ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.

http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.



Berichte wie der Rechner läuft

Sasasasa 18.03.2012 16:59
Also txt Datei hab ich reinkopiert C.FIX ist gestartet alles im abgesicherten Modus. Am Anfang hat er mir angezeigt das Avira noch läuft aber ich habs ausgestellt und dann auf OK gedrückt. nach der File50 hat er mir gesagt, es muss nach etwas gründlicher gesucht/gescannt werden. Danach ist der Rechner neugestartet und im normal Modus hochgefahren. C.FIX ist noch gelaufen allerdings ist dann während es gelaufen ist alles hochgefahren was unter Autostart läuft AVIRA messenger usw....der hat dann abgeschlossen und mir das unten eingefügte LOG ausgespuckt. Rechner läuft grad normal BKA Desktop ist verschwunden. Trau mich aber nicht groß rumzumachen und zu testen....WAs nun??? Vielen dank schonmal hammer vielen vielen Dank für deine mühe

Code:
ComboFix 12-03-17.01 - User 18.03.2012  17:40:29.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1919.1228 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\User\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-18 bis 2012-03-18  ))))))))))))))))))))))))))))))
.
.
2012-03-18 16:44 . 2012-03-18 16:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-18 16:44 . 2012-03-18 15:47        --------        d-----w-        c:\users\User\AppData\Local\temp
2012-03-18 11:12 . 2012-03-18 11:12        592824        ----a-w-        c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 11:12 . 2012-03-18 11:12        44472        ----a-w-        c:\program files\Mozilla Firefox\mozglue.dll
2012-03-15 18:47 . 2012-03-15 18:47        --------        d-----w-        C:\_OTL
2012-03-14 22:28 . 2012-03-14 22:28        --------        d-----w-        c:\program files\ESET
2012-03-10 20:07 . 2012-03-10 20:07        --------        d-----w-        c:\users\User\AppData\Roaming\Malwarebytes
2012-03-10 20:07 . 2012-03-10 20:07        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-10 20:07 . 2012-03-10 20:07        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-10 20:07 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-04 22:53 . 2012-03-04 23:47        --------        d-----w-        c:\users\User\AppData\Roaming\kodak
2012-02-27 19:28 . 2012-02-27 19:28        --------        d-----w-        c:\program files\MSECache
2012-02-27 19:27 . 2012-02-27 19:27        --------        d-----w-        c:\users\User\AppData\Roaming\SolidDocuments
2012-02-27 19:24 . 2011-10-21 01:21        19272        ----a-w-        c:\windows\system32\solidlocalui.dll
2012-02-27 19:24 . 2011-10-21 01:21        27976        ----a-w-        c:\windows\system32\solidlocalmon.dll
2012-02-27 19:24 . 2012-02-27 19:24        --------        d-----w-        c:\program files\SolidDocuments
2012-02-27 19:24 . 2012-02-27 19:24        --------        d-----w-        c:\programdata\SolidDocuments
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 11:12 . 2011-12-04 17:59        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-10-18 138552]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08        2393184        ----a-w-        c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-10-18 16:28        1485112        ----a-r-        c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MyWirelessCard"="c:\program files\Mobile Partner Manager\iCON 210\Mobile Partner Manager.exe" [2008-11-28 974848]
"GMX_GMX MultiMessenger"="c:\program files\GMX\GMX MultiMessenger\MESSENGR.EXE" [2009-10-16 5031336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-10 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-12 6965792]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-12 1833504]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 283136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-10-13 111928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3311655658-669025925-877886368-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
HPService        REG_MULTI_SZ          HPSLPSVC
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 23:48]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 23:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.25\AMVConverter\grab.html
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rw3p2rxl.default\
FF - prefs.js: browser.startup.homepage - google.de
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI599F.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5224)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Update\NASvc.exe
c:\program files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-18  16:52:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-18 15:52
ComboFix2.txt  2012-03-18 11:11
.
Vor Suchlauf: 13 Verzeichnis(se), 123.674.169.344 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 123.234.185.216 Bytes frei
.
- - End Of File - - DDA2E98BC2C64DB0860690C5688C3CC3

Larusso 18.03.2012 20:23
Bitte folgendes im Normalmodus ausführen.



Update bitte Malwarebytes und lass einen Quick Scan laufen. Lass alle Funde löschen und poste das Logfile hier.




Starte bitte DDS
  • Wenn der Scan fertig ist, wird es 2 Logfiles erstellen. :
    1. DDS.txt
    2. Attach.txt
  • Speichere beide auf deinem Desktop und poste diese bitte hier

Sasasasa 19.03.2012 11:34
.DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18813  BrowserJavaVersion: 1.6.0_23
Run by User at 11:31:38 on 2012-03-19
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1919.947 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Installer\MSI599F.tmp
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\avmwlanstick\FRITZWLANMini.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\GMX\GMX MultiMessenger\MESSENGR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [MyWirelessCard] c:\program files\mobile partner manager\icon 210\Mobile Partner Manager.exe
uRun: [GMX_GMX MultiMessenger] "c:\program files\gmx\gmx multimessenger\MESSENGR.EXE" /hide
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [AVMWlanClient] c:\program files\avmwlanstick\FRITZWLANMini.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to AMV/AVI Video Converter... - c:\program files\media player utilities 4.25\amvconverter\grab.html
IE: Free YouTube to MP3 Converter - c:\users\user\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3B6191FE-86F4-4FC7-978D-0A4A24109371} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\rw3p2rxl.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\user\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-5-1 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-1 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-1 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-10 652360]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\installer\MSI599F.tmp [2012-2-27 180552]
R2 uCamMonitor;CamMonitor;c:\program files\hama\hama webcam suite\magic-i visual effects 2\uCamMonitor.exe [2010-9-24 104960]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2009-11-16 265088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-10 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-9-24 17920]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-11-16 4352]
S3 gtstusbser;Option210 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\gtstusbser.sys [2010-1-29 103552]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
S3 rt70x86;ASUS RT2500 USB Wireless LAN Driver;c:\windows\system32\drivers\netr70.sys [2006-12-27 245248]
.
=============== Created Last 30 ================
.
2012-03-18 16:44:43        --------        d-----w-        c:\users\user\appdata\local\temp
2012-03-18 15:47:24        --------        d-sh--w-        C:\$RECYCLE.BIN
2012-03-18 11:12:11        592824        ----a-w-        c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 11:12:11        44472        ----a-w-        c:\program files\mozilla firefox\mozglue.dll
2012-03-18 11:03:51        98816        ----a-w-        c:\windows\sed.exe
2012-03-18 11:03:51        518144        ----a-w-        c:\windows\SWREG.exe
2012-03-18 11:03:51        256000        ----a-w-        c:\windows\PEV.exe
2012-03-18 11:03:51        208896        ----a-w-        c:\windows\MBR.exe
2012-03-15 18:47:58        --------        d-----w-        C:\_OTL
2012-03-14 22:28:17        --------        d-----w-        c:\program files\ESET
2012-03-10 20:07:51        --------        d-----w-        c:\users\user\appdata\roaming\Malwarebytes
2012-03-10 20:07:46        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-10 20:07:46        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-10 20:07:46        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-04 22:53:00        --------        d-----w-        c:\users\user\appdata\roaming\kodak
2012-02-27 19:28:26        --------        d-----w-        c:\program files\MSECache
2012-02-27 19:27:12        --------        d-----w-        c:\users\user\appdata\roaming\SolidDocuments
2012-02-27 19:24:35        27976        ----a-w-        c:\windows\system32\solidlocalmon.dll
2012-02-27 19:24:35        19272        ----a-w-        c:\windows\system32\solidlocalui.dll
2012-02-27 19:24:27        --------        d-----w-        c:\program files\SolidDocuments
2012-02-27 19:24:19        --------        d-----w-        c:\programdata\SolidDocuments
.
==================== Find3M  ====================
.
.
============= FINISH: 11:32:03,68 ===============
--- --- ---



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 16.08.2009 20:03:55
System Uptime: 18.03.2012 16:45:06 (19 hours ago)
.
Motherboard: MEDIONPC | | MS-7327
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 169 GiB total, 117,285 GiB free.
D: is FIXED (NTFS) - 166 GiB total, 165,675 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0015
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #6
PNP Device ID: ROOT\*ISATAP\0015
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0017
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #7
PNP Device ID: ROOT\*ISATAP\0017
Service: tunnel
.
==== System Restore Points ===================
.
RP1237: 23.02.2012 00:07:41 - Geplanter Prüfpunkt
RP1239: 24.02.2012 00:00:08 - Geplanter Prüfpunkt
RP1241: 25.02.2012 00:00:04 - Geplanter Prüfpunkt
RP1243: 26.02.2012 00:51:59 - Geplanter Prüfpunkt
RP1245: 27.02.2012 00:00:08 - Geplanter Prüfpunkt
RP1247: 27.02.2012 20:28:31 - Compatibility Pack für 2007 Office System wird installiert
RP1249: 29.02.2012 00:00:03 - Geplanter Prüfpunkt
RP1251: 29.02.2012 22:26:42 - Geplanter Prüfpunkt
RP1253: 02.03.2012 00:00:06 - Geplanter Prüfpunkt
RP1255: 03.03.2012 00:00:05 - Geplanter Prüfpunkt
RP1257: 18.03.2012 17:26:33 - Geplanter Prüfpunkt
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2 - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AutoUpdate
AV Voice Changer Software DIAMOND 5.0
Avira AntiVir Personal - Free Antivirus
Big Fish Games Client
Bonjour
BufferChm
Burn4Free CD & DVD 4.9.0.0
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization German
ccc-core-static
ccc-utility
CCC Help German
CDBurnerXP
Cheat Engine 5.5
Compatibility Pack für 2007 Office System
Copy
Destinations
DeviceDiscovery
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DJ_AIO_06_F4500_SW_MIN
DVDVideoSoftTB Toolbar
ESET Online Scanner v3
F4500
Free Audio CD Burner version 1.4.7
Free DVD Video Burner version 3.1.815
Free M4a to MP3 Converter 7.0
Free Studio version 4.2
Free YouTube to MP3 Converter version 3.10.8.815
GMX MultiMessenger
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
H.264 Decoder
Hama Webcam Suite
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iCON 210
ImgBurn
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes Anti-Malware Version 1.60.1.1000
MarketResearch
Media Player Utilities 4.25
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Midnight Mysteries Edgar Allan Poe Conspiracy
Midnight Mysteries Salem Witch Trials
MKV Splitter
Mozilla Firefox 11.0 (x86 de)
MSVCRT
Mystery Case Files: Huntsville ™
Mystery Case Files: Prime Suspects ™
Nero 10 Movie ThemePack Basic
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Network
PriceGong 2.1.0
QuickTime
RarZilla Free Unrar
Realtek High Definition Audio Driver
Scan
Shop for HP Supplies
SimCity 4 Deluxe
Skins
Skype™ 4.2
Solid Converter PDF
SolutionCenter
Status
SweetIM for Messenger 3.3
SweetIM Toolbar for Internet Explorer 4.0
Toolbox
TrayApp
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053
VLC media player 0.9.8a
WebReg
Winamp
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus 2.9.8
.
==== End Of File ===========================



Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18813
User :: PC [Administrator]

Schutz: Aktiviert

19.03.2012 11:26:16
mbam-log-2012-03-19 (11-26-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 186072
Laufzeit: 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Larusso 19.03.2012 14:16

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Sasasasa 19.03.2012 15:55
Hi Daniel

CAN NOT GET UPDATED!IS PROXY CONFI?

die fehler meldung erscheind wenn ich eset laufen lassen will ...bei 50% Step 2 of 4, setz ich dann den haken und nehm den einen raus und dann kommt nach ner minute die oben genannte fehlermeldung?!

Larusso 19.03.2012 21:11
Mit welchem Browser hast du den Scan versucht ?

Sasasasa 19.03.2012 22:29
hi daniel...

so jetzt hab ichs

C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4f0f87ae-599ebc14 a variant of Java/Exploit.CVE-2011-3544.BA trojan
C:\Users\User\Downloads\SoftonicDownloader_fuer_solid-converter-pdf.exe a variant of Win32/SoftonicDownloader.D application
C:\Users\User\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.A application

Larusso 20.03.2012 08:08
:daumenhoc


Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.



Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 6 Update 31 ) herunter laden.
  • Wenn die installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.



Berichte ob der Rechner noch Probleme macht.

Sasasasa 20.03.2012 17:12
Hi Daniel,

so. ich hab alles gemacht und die neusten updates und auch Adobe neu installiert.

Was nicht geht ist:

wenn ich nach dem neustart auf java in systemsteuerung/Programme klicke habe ich den Reiter allgemein nicht!

Was mir auch aufgefallen ist, bei neustart startet mein IE das war am Anfang auch so und dann kam gleich der Trojaner zum vorschein!

Nun kommt zwar nur der IE aber zeigt keine Seite an einfach nur leer sowie wenn du in der Startseite nichts eingibst. Wenn ich Ihn schließe kommt die allgemeine Fehlermeldung wo ich den schaden senden kann oder einfach programm schließen kann?

Meinst du das hat was mit dem BKA Dings zu tun???Und danke nochmal für die mühe

Larusso 21.03.2012 07:51
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Wenn der Scan beendet wurde, wird sich ein Textdokument öffnen.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Sasasasa 23.03.2012 06:39
OTL Logfile:
Code:
OTL logfile created on: 23.03.2012 06:30:19 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 59,29% Memory free
4,00 Gb Paging File | 2,92 Gb Available in Paging File | 73,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 169,33 Gb Total Space | 115,79 Gb Free Space | 68,38% Space Free | Partition Type: NTFS
Drive D: | 166,02 Gb Total Space | 165,68 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.23 06:28:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2012.02.27 20:24:32 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\Windows\Installer\MSI599F.tmp
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.28 21:58:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.13 16:21:08 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.16 16:45:40 | 005,031,336 | ---- | M] (GMX GmbH) -- C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE
PRC - [2009.07.01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 14:18:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.02.02 17:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.08.20 16:35:42 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2596.29106__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.08.20 16:35:42 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2596.29322__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2009.08.20 16:35:42 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2596.29386__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.08.20 16:35:42 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2596.29060__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:42 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2596.29120__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.08.20 16:35:42 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2596.29354__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2009.08.20 16:35:42 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2596.29343__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:42 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2596.29294__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2596.29097__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.08.20 16:35:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2596.29119__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2596.29081__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:42 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2596.29224__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:41 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2596.29392__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:41 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2596.29075__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:40 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2596.29349__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:40 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2596.29237__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:40 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2596.29136__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:40 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2596.29084__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:40 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2596.29328__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.08.20 16:35:40 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2596.29306__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:40 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2596.29128__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:40 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2596.29259__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:40 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2596.29313__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.08.20 16:35:40 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2596.29303__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2596.29233__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2596.29378__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:40 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2596.29257__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:40 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2596.29142__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:39 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2596.29298__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:39 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2596.29228__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:39 | 000,319,488 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2596.29218__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.08.20 16:35:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2596.29225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2596.29233__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2596.29279__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.08.20 16:35:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.08.20 16:35:38 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.08.20 16:35:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.08.20 16:35:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.08.20 16:35:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.08.20 16:35:38 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.08.20 16:35:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.08.20 16:35:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.08.20 16:35:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.08.20 16:35:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.08.20 16:35:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.08.20 16:35:38 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.08.20 16:35:37 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2596.29091__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.08.20 16:35:37 | 000,389,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2596.29361__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.08.20 16:35:37 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2596.29361_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2009.08.20 16:35:37 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2596.29369__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.08.20 16:35:37 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2596.29368__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.08.20 16:35:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.08.20 16:35:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.08.20 16:35:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.08.20 16:35:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.08.20 16:35:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2596.29415__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.08.20 16:35:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.08.20 16:35:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.08.20 16:35:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.08.20 16:35:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.08.20 16:35:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2009.08.20 16:35:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.08.20 16:35:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.08.20 16:35:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.08.20 16:35:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.08.20 16:35:36 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2596.29069__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.08.20 16:35:36 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2596.29059__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.08.20 16:35:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2596.29060__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.08.20 16:35:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.08.20 16:35:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.08.20 16:35:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2596.29058__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.08.20 16:35:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.08.20 16:35:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.08.20 16:35:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.08.20 16:35:36 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2596.29369__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.07.01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
MOD - [2009.04.11 17:48:40 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.04.11 17:48:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.04.11 17:48:18 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.04.11 14:46:00 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a3a76226460de2153a62bdbfed9228b9\System.Management.ni.dll
MOD - [2009.04.11 14:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
MOD - [2009.04.11 14:42:38 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
MOD - [2009.04.11 14:42:36 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\27b0a88bfa56a9390f516b0fa55f3dcb\System.Web.ni.dll
MOD - [2009.04.11 14:42:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2009.04.11 14:42:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll
MOD - [2009.04.11 14:42:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll
MOD - [2009.04.11 14:42:10 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2009.04.11 14:42:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2007.02.10 05:32:12 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.27 20:24:32 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Windows\Installer\MSI599F.tmp -- (SCPDFReadSpool)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.28 21:58:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 21:58:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 21:58:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.11.18 17:26:40 | 000,103,552 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtstusbser.sys -- (gtstusbser)
DRV - [2008.04.24 13:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.02.10 05:41:08 | 002,377,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.12.27 16:41:00 | 000,245,248 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.10.30 23:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 14 53 56 A9 60 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CE7BCAAA-E3E0-4BBE-AC07-1A2E9E303B4F}: "URL" = hxxp://www.bing.com/search?FORM=IE8SRC&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Bing"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 12:12:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.20 17:01:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010.12.09 19:25:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{d591241b-9967-418c-9b7d-ee128131d60d}: C:\Program Files\GMX\GMX MultiMessenger\ThunderbirdSyncProxy [2010.05.28 17:56:11 | 000,000,000 | ---D | M]
 
[2009.11.16 23:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.02.16 13:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rw3p2rxl.default\extensions
[2012.02.16 13:45:25 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rw3p2rxl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.05 23:01:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rw3p2rxl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.25 16:52:44 | 000,002,171 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rw3p2rxl.default\searchplugins\bing.xml
[2010.12.05 23:27:10 | 000,000,881 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rw3p2rxl.default\searchplugins\conduit.xml
[2010.12.09 19:25:19 | 000,003,915 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rw3p2rxl.default\searchplugins\sweetim.xml
[2012.03.20 16:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.20 16:56:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.20 16:56:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010.12.09 19:25:23 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW3P2RXL.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.03.18 12:12:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.20 16:56:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.07 21:47:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.07 21:47:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.07 21:47:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.07 21:47:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.07 21:47:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.07 21:47:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2012.03.18 16:47:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [GMX_GMX MultiMessenger] C:\Program Files\GMX\GMX MultiMessenger\MESSENGR.EXE (GMX GmbH)
O4 - HKCU..\Run: [MyWirelessCard] C:\Programme\Mobile Partner Manager\iCON 210\Mobile Partner Manager.exe ()
O4 - HKCU..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Programme\Media Player Utilities 4.25\AMVConverter\grab.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B6191FE-86F4-4FC7-978D-0A4A24109371}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 17:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.03.20 16:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.19 15:50:46 | 002,322,184 | ---- | C] (ESET) -- C:\Users\User\Desktop\esetsmartinstaller_enu.exe
[2012.03.19 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\dds
[2012.03.18 17:44:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.18 17:44:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2012.03.18 17:34:27 | 004,438,697 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012.03.18 16:47:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.18 12:03:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.18 12:03:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.18 12:03:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.18 12:03:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.18 12:01:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.15 19:47:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.15 19:16:22 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\User\Desktop\dds.com
[2012.03.15 19:15:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr
[2012.03.14 23:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.10 21:07:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.03.10 21:07:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.10 21:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.10 21:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.10 21:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.04 23:53:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\kodak
[2012.03.04 23:52:54 | 000,000,000 | ---D | C] -- C:\Users\User\Local Settings
[2012.02.27 20:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.02.27 20:27:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SolidDocuments
[2012.02.27 20:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidDocuments
[2012.02.27 20:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\SolidDocuments
[2012.02.27 20:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidDocuments
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.23 05:43:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.23 05:05:14 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 05:05:14 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.22 19:43:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.20 20:47:08 | 000,347,437 | ---- | M] () -- C:\Users\User\Desktop\CASHANTRAG_20120320_204527_AB15237384271C6385245A77FCE96409cash_23648.pdf
[2012.03.20 17:09:52 | 000,618,130 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.20 17:09:52 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.20 17:09:52 | 000,122,624 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.20 17:09:52 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.20 17:05:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.20 17:04:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.19 15:50:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\User\Desktop\esetsmartinstaller_enu.exe
[2012.03.18 17:34:47 | 004,438,697 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012.03.18 16:47:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.15 19:21:18 | 000,294,216 | ---- | M] () -- C:\Users\User\Desktop\gmer.zip
[2012.03.15 19:16:24 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\User\Desktop\dds.com
[2012.03.15 19:15:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr
[2012.03.14 22:55:30 | 000,150,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.07 15:20:36 | 000,000,680 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2012.03.20 20:47:08 | 000,347,437 | ---- | C] () -- C:\Users\User\Desktop\CASHANTRAG_20120320_204527_AB15237384271C6385245A77FCE96409cash_23648.pdf
[2012.03.20 17:01:25 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.18 12:03:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.18 12:03:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.18 12:03:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.18 12:03:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.18 12:03:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.15 19:21:18 | 000,294,216 | ---- | C] () -- C:\Users\User\Desktop\gmer.zip
[2012.02.27 20:24:35 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2012.02.27 20:24:35 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2010.10.11 00:51:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.13 18:26:16 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.09.13 14:16:36 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010.09.13 13:44:40 | 000,225,761 | ---- | C] () -- C:\Windows\hpoins46.dat
 
========== LOP Check ==========
 
[2010.04.30 15:16:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2011.08.30 16:06:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2010.12.05 23:01:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.14 22:19:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2010.05.28 17:59:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GMX
[2012.03.05 01:20:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ImgBurn
[2010.11.22 16:55:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Philipp Winterberg
[2012.02.27 20:27:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SolidDocuments
[2012.03.20 17:04:26 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.18 16:47:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.03.25 20:52:25 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2012.03.20 19:38:53 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.08.16 19:06:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.03.13 00:44:02 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2009.08.20 16:26:51 | 000,000,000 | ---D | M] -- C:\Medion
[2010.08.03 18:01:13 | 000,000,000 | ---D | M] -- C:\Neuer Ordner (2)
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.20 19:38:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.11 00:06:38 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.08.16 19:06:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.18 16:52:14 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.03.23 06:33:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.08.16 19:08:20 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.18 16:47:23 | 000,000,000 | ---D | M] -- C:\Windows
[2009.08.16 19:50:35 | 000,000,000 | ---D | M] -- C:\Windows.old
[2012.03.15 19:47:58 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
< MD5 for: EXPLORER.EXE  >
[2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-08-20 15:32:06
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4673E9EA

< End of report >
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 23.03.2012 06:30:19 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 59,29% Memory free
4,00 Gb Paging File | 2,92 Gb Available in Paging File | 73,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 169,33 Gb Total Space | 115,79 Gb Free Space | 68,38% Space Free | Partition Type: NTFS
Drive D: | 166,02 Gb Total Space | 165,68 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3311655658-669025925-877886368-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09D024B8-5902-4073-B5F2-6E8FE1A81522}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17889578-637B-479D-82AC-34DBD05837CA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{24D5417B-9E29-4CF9-B161-097A0706A304}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2A31914F-34B2-4107-B0EA-36C52A47577F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BF8D6FD-F4C5-4EA8-A6F4-1F5CC97B2A5F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{33D83818-EF13-429C-B2CE-C67DC9A24424}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3ADB8D05-298C-4363-9AF1-9D342B9D8022}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41F71140-3021-4226-BAA3-9675DF81ED26}" = rport=445 | protocol=6 | dir=out | app=system |
"{454AC548-D87C-473D-937F-FCCE143AAEC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4CD4158F-C180-4BD1-BB87-FFF126DF0043}" = lport=137 | protocol=17 | dir=in | app=system |
"{4F55FB78-1CF0-491B-8C23-B4A5CB949A46}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5BE87425-F33F-4399-AA7B-9E1A04B11E52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6039ED83-B616-43B4-B3EE-D3FFEC3545C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70A39218-9F91-4292-BE79-AEC15F6D75EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{72E31D9F-836A-48CE-98AD-1B82AE2BDC44}" = rport=10243 | protocol=6 | dir=out | app=system |
"{796262FF-B627-49AD-A41F-D2D7932BEC7A}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A44F019-6051-4637-9D86-3BB046232980}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B7F787E-8548-4F4D-A541-578336B012E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{80D75D0C-4754-4EBA-AC30-AA064830B997}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A3FEF925-5396-4C87-B2BF-0E66DD397395}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AF86F3EE-5EC0-4EC2-B0B9-6A349D11E07A}" = lport=139 | protocol=6 | dir=in | app=system |
"{B5811A33-B62C-4231-A8FB-AA78A5EC3BDC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B6966972-1E13-4C7E-BCD0-5801E23E6440}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE7E50D7-3275-4A69-90DB-9DA81FECCB60}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2802611-8A78-4BA1-A504-E3D1A865D2E1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C6667DB5-36E7-4AA0-BD6C-7896B2507609}" = lport=138 | protocol=17 | dir=in | app=system |
"{DB14F6D9-A073-4C39-94FF-8B491536A9C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF125DAB-8B9B-4EBC-B545-36ECA04AC337}" = rport=137 | protocol=17 | dir=out | app=system |
"{E98A68E4-97ED-4C67-A3EA-87D731F1F2AC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{F6044BCE-1E8C-4979-AAAA-92A9550E7C0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0910DD20-F400-4A33-8167-169B332B2A4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15042F0D-37DB-4B1E-8378-BB281AE2B308}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{29D8C384-3E91-43C6-82AF-6EC5BAE52A05}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2AF11DF7-730B-4AC1-87A4-638A0ED5430B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35A0750A-6219-4EAD-8B7B-761A2FEF25D1}" = dir=in | app=e:\setup\hpznui01.exe |
"{384E0E24-D0C2-4D9E-950D-1F0381CE03FC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{438E4BC6-3542-4245-8C2D-9CB085EF6A52}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43E5C00E-6015-460D-AB04-CBA7D30DDDEF}" = protocol=6 | dir=out | app=system |
"{50B747C2-928D-46C9-AABA-902DA47E6076}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{52850C2D-369F-4B31-8E0E-A2DB2A544688}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{536925BC-527C-4D27-8D61-E9E6B00CBC17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BB54905-4661-4177-9253-1834CC8139A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8EC6255D-EEF4-4CB3-9751-AC20C151B9DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A272CB05-95A0-403D-8FBE-BEC33E0BCD33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B17F4646-4F0B-4941-BF53-6F6708EBF179}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B70621DE-ECC7-4235-8B97-F4CE36A7722C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEEE6A97-E9E1-46E2-BEF9-ABDBF219952C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF8411EC-3194-4B35-BE45-35617FBFC700}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{C3EF9353-EF7D-49D5-BD6F-5959005D1A2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C97825CF-D505-4257-A2A3-63A4E87CC892}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CBE54F4A-F4BF-4A3A-ACD3-FD403846006B}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{D9E30F4D-49DF-4D17-A181-4777ED6B5259}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9FE7EF4-40C0-4848-B81D-5CCC9FCB86D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB9615CD-4183-4427-B868-6D5B9AF54EAB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EC73529B-D283-4191-B43E-254440E21959}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{11B7A00B-B175-4F44-B54B-291C9F9D2B6A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{3D4BDBB5-4FBB-4460-BC65-D1B3B5423AB6}C:\program files\gmx\gmx multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files\gmx\gmx multimessenger\messengr.exe |
"TCP Query User{54E2DF88-35CD-4760-A6E3-8231F4F94D8C}C:\program files\gmx\gmx multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files\gmx\gmx multimessenger\messengr.exe |
"UDP Query User{1FF9D1A5-8C60-4103-886E-8539517A3F77}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{A9816099-7093-4737-B07B-EF9F5F2C782C}C:\program files\gmx\gmx multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files\gmx\gmx multimessenger\messengr.exe |
"UDP Query User{AF832576-7460-49FE-BBF7-2F90D973184D}C:\program files\gmx\gmx multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files\gmx\gmx multimessenger\messengr.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D864D1-9CAD-7D21-AAB6-4B9E3BC8D1A5}" = ccc-core-static
"{0D738AF1-715D-D5B8-FED5-562FE611F738}" = Catalyst Control Center Localization German
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2949E300-133D-CD51-93DE-0F9A7F9B7047}" = CCC Help German
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33C9480C-12EE-34F1-82F5-74FF32B22787}" = ccc-utility
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{395AB8C5-F3A8-4380-8718-7A11EC5829F6}" = iCON 210
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4315FBC5-9241-E978-EA6B-D7212900F3A7}" = Catalyst Control Center Graphics Full Existing
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AEFE4FD-8EF1-4D61-B3CF-52016EAE6692}" = Hama Webcam Suite
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{56BFAA6E-2BCC-4AED-9233-84731E66B205}" = Solid Converter PDF
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6861404A-99CB-B527-A830-6152E3C0F443}" = ATI Catalyst Install Manager
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = Media Player Utilities 4.25
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{93C987F5-6563-4D29-A7C0-7DC85471D7C3}" = Nero Multimedia Suite 10 Essentials
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9800F872-AC4A-E014-3CD1-1EBDCAD06805}" = Catalyst Control Center Core Implementation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C675B46-9998-9DA9-20FC-BAF19F340353}" = Catalyst Control Center Graphics Light
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D083AB13-EFA7-8D0C-1472-4E0FBAC02549}" = Catalyst Control Center Graphics Full New
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF100337-9A0E-52BE-64D8-E4EA7B41E65F}" = Catalyst Control Center Graphics Previews Vista
"{EC127C66-AF7B-D137-9878-B01A8A3ECE9B}" = Skins
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"7-Zip" = 7-Zip 9.20
"AV Voice Changer Software DIAMOND 5.0" = AV Voice Changer Software DIAMOND 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFGC" = Big Fish Games Client
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
"BFG-Mystery Case Files - Prime Suspects" = Mystery Case Files: Prime Suspects ™
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 4.9.0.0
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.1.815
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"GMX MultiMessenger" = GMX MultiMessenger
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Midnight Mysteries Edgar Allan Poe Conspiracy" = Midnight Mysteries Edgar Allan Poe Conspiracy
"Midnight Mysteries Salem Witch Trials" = Midnight Mysteries Salem Witch Trials
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"PriceGong" = PriceGong 2.1.0
"RarZilla Free Unrar" = RarZilla Free Unrar
"Shop for HP Supplies" = Shop for HP Supplies
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.03.2012 11:57:18 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18813, Zeitstempel
 0x4a6621ae, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0xee75b8fd,  Prozess-ID 0x74c, Anwendungsstartzeit
 01cd06b2110a6e30.
 
Error - 20.03.2012 12:00:49 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 20.03.2012 12:00:49 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 20.03.2012 12:02:00 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18813, Zeitstempel
 0x4a6621ae, fehlerhaftes Modul mgToolbarIE.dll, Version 4.0.0.4, Zeitstempel 0x4cbc676e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0006b7b9,  Prozess-ID 0x3c4, Anwendungsstartzeit
 01cd06b2c4f45280.
 
Error - 20.03.2012 12:11:08 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18813, Zeitstempel
 0x4a6621ae, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00f90f73,  Prozess-ID 0x824, Anwendungsstartzeit
 01cd06b38ab41758.
 
Error - 21.03.2012 19:00:03 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 21.03.2012 19:00:03 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 22.03.2012 19:00:03 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 22.03.2012 19:00:04 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 23.03.2012 01:33:12 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
[ System Events ]
Error - 18.03.2012 12:41:58 | Computer Name = PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 18.03.2012 12:44:46 | Computer Name = PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 18.03.2012 12:45:23 | Computer Name = PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =
 
Error - 18.03.2012 12:45:40 | Computer Name = PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Microsoft Office Document Image
 Writer nicht unter dem Namen Microsoft Office Document Image Writer freigeben.
Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet
 werden.
 
Error - 18.03.2012 11:49:19 | Computer Name = PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 20.03.2012 11:52:25 | Computer Name = PC | Source = DCOM | ID = 10005
Description =
 
Error - 20.03.2012 11:52:25 | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 20.03.2012 11:52:25 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.03.2012 12:05:10 | Computer Name = PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =
 
Error - 20.03.2012 12:09:25 | Computer Name = PC | Source = Service Control Manager | ID = 7024
Description =
 
 
< End of report >
--- --- ---

Larusso 23.03.2012 16:52
Deinstalliere bitte
DVDVideoSoftTB Toolbar
SweetIM Toolbar for Internet Explorer 4.0
PriceGong 2.1.0


Code:
:otl
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search"
[2012.02.16 13:45:25 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rw3p2rxl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.05 23:01:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rw3p2rxl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.05 23:27:10 | 000,000,881 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rw3p2rxl.default\searchplugins\conduit.xml
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [SweetIM]
:commands
[reboot]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt )
    Kopiere nun den Inhalt hier in Deinen Thread

Sasasasa 23.03.2012 18:19
Hi Daniel,

funzt nicht. OTL stürzt ab. Kommt immer keine Rückmeldung. Habs jetzt 6 mal probiert.

Larusso 26.03.2012 19:55
Sorry, hab nicht gesehen, dass du geantwortet hast :(


Poste mal ne neue OTL Log


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:18 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131