Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Virus Befall: e621ca05

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 30.09.2012, 17:36   #1
Onion99
 
Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Guten Tag,
ich habe im forum schon gesucht und habe auch schon die schritte befolgt
mein virus ist anscheinend diese e621ca05 exe
den online scanner benutze ich gerade und werde die log file hier dann auch hochladen.
Hoffe mir kann dann irgendwie geholfen werden,ansonsten würde ich windows 7 home premium 64bit neu installieren

C:\Games\killingfloor\ZIP.dll Win32/PSW.Agent.NUY trojan
C:\Users\ImperatorZwiebel\AppData\Local\Temp\adobe.exe IRC/SdBot trojan
C:\Users\ImperatorZwiebel\AppData\Local\Temp\MyBabylonTB.exe Win32/Toolbar.Babylon application
C:\Users\ImperatorZwiebel\AppData\Local\Temp\VidSaver_4.exe Win32/Toolbar.CrossRider application
C:\Users\ImperatorZwiebel\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application
C:\Users\ImperatorZwiebel\AppData\Local\Temp\ICReinstall\cnet_rctllus_zip.exe a variant of Win32/InstallCore.D application
C:\Users\ImperatorZwiebel\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe multiple threats
C:\Users\ImperatorZwiebel\AppData\Roaming\6E9B.exe IRC/SdBot trojan
C:\Users\ImperatorZwiebel\AppData\Roaming\DAB5.exe IRC/SdBot trojan
C:\Users\ImperatorZwiebel\AppData\Roaming\Pptytn.exe Win32/Dorkbot.B worm
I:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm
I:\AdobReader 1.lnk Win32/Dorkbot.D worm
I:\AdobReader.lnk Win32/Dorkbot.D worm
I:\APOIM.lnk Win32/Dorkbot.D worm
I:\Avira 1.lnk Win32/Dorkbot.D worm
I:\Avira.lnk Win32/Dorkbot.D worm
I:\Camtasia 1.lnk Win32/Dorkbot.D worm
I:\Camtasia.lnk Win32/Dorkbot.D worm
I:\Config.Msi.lnk Win32/Dorkbot.D worm
I:\DAEMON Tools Lite.lnk Win32/Dorkbot.D worm
I:\DayZCommander.lnk Win32/Dorkbot.D worm
I:\DEAMON Tools Lite 1.lnk Win32/Dorkbot.D worm
I:\DivX.lnk Win32/Dorkbot.D worm
I:\Doc.lnk Win32/Dorkbot.D worm
I:\Fraps 1.lnk Win32/Dorkbot.D worm
I:\Fraps.lnk Win32/Dorkbot.D worm
I:\Freemake 1.lnk Win32/Dorkbot.D worm
I:\Freemake.lnk Win32/Dorkbot.D worm
I:\hamachi 1.lnk Win32/Dorkbot.D worm
I:\hamachi.lnk Win32/Dorkbot.D worm
I:\java 1.lnk Win32/Dorkbot.D worm
I:\JDownloader 1.lnk Win32/Dorkbot.D worm
I:\Jdownloader.lnk Win32/Dorkbot.D worm
I:\Mp3 Player.lnk Win32/Dorkbot.D worm
I:\nss171C.tmp.lnk Win32/Dorkbot.D worm
I:\Open office 1.lnk Win32/Dorkbot.D worm
I:\Open Office.lnk Win32/Dorkbot.D worm
I:\Playstation 3.lnk Win32/Dorkbot.D worm
I:\plugins.lnk Win32/Dorkbot.D worm
I:\Program.lnk Win32/Dorkbot.D worm
I:\ps3.lnk Win32/Dorkbot.D worm
I:\searchplugins.lnk Win32/Dorkbot.D worm
I:\sixupdater.lnk Win32/Dorkbot.D worm
I:\Sound Blaster Tactic(3D) Control Panel.lnk Win32/Dorkbot.D worm
I:\Sound Blaster.lnk Win32/Dorkbot.D worm
I:\Steam 1.lnk Win32/Dorkbot.D worm
I:\Steam.lnk Win32/Dorkbot.D worm
I:\System Volume Information.lnk Win32/Dorkbot.D worm
I:\Ts3 1.lnk Win32/Dorkbot.D worm
I:\Ts3.lnk Win32/Dorkbot.D worm
I:\Vlc Player.lnk Win32/Dorkbot.D worm
I:\VlcPlayer 1.lnk Win32/Dorkbot.D worm
I:\Winamp.lnk Win32/Dorkbot.D worm
I:\WinRar.lnk Win32/Dorkbot.D worm
I:\RECYCLER\e621ca05.exe Win32/Dorkbot.B worm


Es sollte so aussehen hoffe ich mal,ich werde nachher auf abschlussfahrt fahren und werde am samstag abend wieder kommen sie können sich also zeit lassen hiermit ^^

Geändert von Onion99 (30.09.2012 um 17:43 Uhr)

Alt 02.10.2012, 06:59   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Hi,

Von den Funden nix löschen lassen! Die brauch ich noch


Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________

__________________

Alt 06.10.2012, 10:18   #3
Onion99
 
Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-04.02 - ImperatorZwiebel 06.10.2012  12:12:26.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4087.1847 [GMT 2:00]
ausgeführt von:: c:\users\ImperatorZwiebel\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-06 bis 2012-10-06  ))))))))))))))))))))))))))))))
.
.
2012-10-06 10:14 . 2012-10-06 10:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-06 10:10 . 2012-10-06 10:10	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-10-06 10:04 . 2012-10-06 10:04	--------	d-----w-	c:\program files\WinRAR
2012-10-06 09:51 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-10-06 09:51 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-10-06 09:51 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-10-06 09:51 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-10-06 09:51 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-10-06 09:51 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-10-06 09:40 . 2012-10-06 09:40	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-06 09:40 . 2012-10-06 09:40	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-06 09:40 . 2012-10-06 09:40	--------	d-----w-	c:\windows\SysWow64\Macromed
2012-10-06 09:40 . 2012-10-06 09:40	--------	d-----w-	c:\windows\system32\Macromed
2012-10-06 09:04 . 2012-10-06 09:04	--------	d-----w-	c:\programdata\Tunngle
2012-10-06 09:04 . 2009-09-16 06:02	31232	----a-w-	c:\windows\system32\drivers\tap0901t.sys
2012-10-06 08:58 . 2012-10-06 09:28	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-10-06 08:57 . 2012-10-06 08:57	--------	d-----w-	C:\Spiele
2012-10-06 08:57 . 2012-10-06 09:28	--------	d-----w-	C:\Steam
2012-10-06 08:44 . 2012-10-06 09:45	--------	d-----w-	c:\program files (x86)\SweetIM
2012-10-06 08:36 . 2012-10-06 10:10	--------	d-----w-	c:\programdata\Skype
2012-10-05 23:00 . 2012-10-05 22:25	--------	d-----w-	c:\windows\Panther
2012-10-05 22:53 . 2012-10-05 22:53	--------	d-----w-	c:\users\UpdatusUser
2012-10-05 22:52 . 2012-10-06 09:27	--------	d-----w-	c:\programdata\NVIDIA
2012-10-05 22:52 . 2012-10-05 22:53	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-10-05 22:52 . 2012-08-30 16:18	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-05 22:52 . 2012-08-30 16:18	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-10-05 22:52 . 2012-08-30 16:18	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-10-05 22:52 . 2012-08-30 16:18	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-10-05 22:52 . 2012-08-30 16:18	3266920	----a-w-	c:\windows\system32\nvsvc64.dll
2012-10-05 22:52 . 2012-08-30 16:17	6198120	----a-w-	c:\windows\system32\nvcpl.dll
2012-10-05 22:51 . 2012-10-05 22:51	--------	d-----w-	C:\temp
2012-10-05 22:51 . 2012-08-30 19:14	60776	----a-w-	c:\windows\system32\OpenCL.dll
2012-10-05 22:51 . 2012-08-30 19:14	52584	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-10-05 22:51 . 2012-10-05 22:51	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-10-05 22:49 . 2012-10-05 22:53	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-10-05 22:48 . 2012-10-05 22:48	--------	d-----w-	C:\NVIDIA
2012-10-05 22:45 . 2012-10-05 22:45	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45	289768	----a-w-	c:\windows\system32\javaws.exe
2012-10-05 22:45 . 2012-10-05 22:45	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-05 22:45 . 2012-10-05 22:45	189416	----a-w-	c:\windows\system32\javaw.exe
2012-10-05 22:45 . 2012-10-05 22:45	188904	----a-w-	c:\windows\system32\java.exe
2012-10-05 22:44 . 2012-10-01 15:14	129576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-05 22:44 . 2012-09-24 07:58	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-05 22:44 . 2012-09-13 13:52	99248	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-05 22:44 . 2012-10-05 22:44	--------	d-----w-	c:\programdata\Avira
2012-10-05 22:38 . 2012-10-06 10:10	--------	d-sh--w-	c:\windows\Installer
2012-10-05 22:38 . 2012-10-05 22:38	--------	d-----w-	c:\program files (x86)\Google
2012-10-05 22:26 . 2012-10-05 22:26	--------	d-----w-	c:\program files (x86)\EPSON
2012-10-05 22:25 . 2012-10-06 08:58	--------	d-----w-	c:\users\ImperatorZwiebel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 08:40 . 2012-08-30 08:40	429416	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\Steam.exe" [2012-10-06 1353080]
"Skype"="i:\skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="i:\avira\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R2 SkypeUpdate;Skype Updater;i:\skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 250288]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;i:\tunngle\TnglCtrl.exe [2012-10-02 743320]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;i:\avira\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 09:40]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-06  12:15:50
ComboFix-quarantined-files.txt  2012-10-06 10:15
ComboFix2.txt  2012-10-06 09:33
.
Vor Suchlauf: 14 Verzeichnis(se), 944.174.792.704 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 943.772.057.600 Bytes frei
.
- - End Of File - - 1DEB36D3E93A86653F781F9CDD079BF7
         
--- --- ---


so das ist jetzt das richtige

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-04.02 - ImperatorZwiebel 06.10.2012  12:30:18.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4087.2033 [GMT 2:00]
ausgeführt von:: c:\users\ImperatorZwiebel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-06 bis 2012-10-06  ))))))))))))))))))))))))))))))
.
.
2012-10-06 10:32 . 2012-10-06 10:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-06 10:10 . 2012-10-06 10:10	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-10-06 10:04 . 2012-10-06 10:04	--------	d-----w-	c:\program files\WinRAR
2012-10-06 09:51 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-10-06 09:51 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-10-06 09:51 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-10-06 09:51 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-10-06 09:51 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-10-06 09:51 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-10-06 09:40 . 2012-10-06 09:40	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-06 09:40 . 2012-10-06 09:40	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-06 09:40 . 2012-10-06 09:40	--------	d-----w-	c:\windows\SysWow64\Macromed
2012-10-06 09:40 . 2012-10-06 09:40	--------	d-----w-	c:\windows\system32\Macromed
2012-10-06 09:04 . 2012-10-06 09:04	--------	d-----w-	c:\programdata\Tunngle
2012-10-06 09:04 . 2009-09-16 06:02	31232	----a-w-	c:\windows\system32\drivers\tap0901t.sys
2012-10-06 08:58 . 2012-10-06 09:28	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-10-06 08:57 . 2012-10-06 08:57	--------	d-----w-	C:\Spiele
2012-10-06 08:57 . 2012-10-06 09:28	--------	d-----w-	C:\Steam
2012-10-06 08:44 . 2012-10-06 09:45	--------	d-----w-	c:\program files (x86)\SweetIM
2012-10-06 08:36 . 2012-10-06 10:10	--------	d-----w-	c:\programdata\Skype
2012-10-05 23:00 . 2012-10-05 22:25	--------	d-----w-	c:\windows\Panther
2012-10-05 22:53 . 2012-10-05 22:53	--------	d-----w-	c:\users\UpdatusUser
2012-10-05 22:52 . 2012-10-06 09:27	--------	d-----w-	c:\programdata\NVIDIA
2012-10-05 22:52 . 2012-10-05 22:53	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-10-05 22:52 . 2012-08-30 16:18	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-05 22:52 . 2012-08-30 16:18	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-10-05 22:52 . 2012-08-30 16:18	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-10-05 22:52 . 2012-08-30 16:18	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-10-05 22:52 . 2012-08-30 16:18	3266920	----a-w-	c:\windows\system32\nvsvc64.dll
2012-10-05 22:52 . 2012-08-30 16:17	6198120	----a-w-	c:\windows\system32\nvcpl.dll
2012-10-05 22:51 . 2012-10-05 22:51	--------	d-----w-	C:\temp
2012-10-05 22:51 . 2012-08-30 19:14	60776	----a-w-	c:\windows\system32\OpenCL.dll
2012-10-05 22:51 . 2012-08-30 19:14	52584	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-10-05 22:51 . 2012-10-05 22:51	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-10-05 22:49 . 2012-10-05 22:53	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-10-05 22:48 . 2012-10-05 22:48	--------	d-----w-	C:\NVIDIA
2012-10-05 22:45 . 2012-10-05 22:45	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45	289768	----a-w-	c:\windows\system32\javaws.exe
2012-10-05 22:45 . 2012-10-05 22:45	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-05 22:45 . 2012-10-05 22:45	189416	----a-w-	c:\windows\system32\javaw.exe
2012-10-05 22:45 . 2012-10-05 22:45	188904	----a-w-	c:\windows\system32\java.exe
2012-10-05 22:44 . 2012-10-01 15:14	129576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-05 22:44 . 2012-09-24 07:58	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-05 22:44 . 2012-09-13 13:52	99248	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-05 22:44 . 2012-10-05 22:44	--------	d-----w-	c:\programdata\Avira
2012-10-05 22:38 . 2012-10-06 10:10	--------	d-sh--w-	c:\windows\Installer
2012-10-05 22:38 . 2012-10-05 22:38	--------	d-----w-	c:\program files (x86)\Google
2012-10-05 22:26 . 2012-10-05 22:26	--------	d-----w-	c:\program files (x86)\EPSON
2012-10-05 22:25 . 2012-10-06 08:58	--------	d-----w-	c:\users\ImperatorZwiebel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 08:40 . 2012-08-30 08:40	429416	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\Steam.exe" [2012-10-06 1353080]
"Skype"="i:\skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="i:\avira\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R2 SkypeUpdate;Skype Updater;i:\skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 250288]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;i:\tunngle\TnglCtrl.exe [2012-10-02 743320]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;i:\avira\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 09:40]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-06  12:33:14
ComboFix-quarantined-files.txt  2012-10-06 10:33
ComboFix2.txt  2012-10-06 10:15
ComboFix3.txt  2012-10-06 09:33
.
Vor Suchlauf: 15 Verzeichnis(se), 943.817.572.352 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 943.766.777.856 Bytes frei
.
- - End Of File - - E86DDF616918D5606BA22990219CDA33
         
--- --- ---
__________________

Geändert von Onion99 (06.10.2012 um 11:17 Uhr)

Alt 07.10.2012, 09:42   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Hi,

C:\Qoobox\

In dem Ordner sind Combofix2 und 3.txt, beide bitte posten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.10.2012, 09:45   #5
Onion99
 
Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



2.
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-04.02 - ImperatorZwiebel 06.10.2012  12:12:26.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4087.1847 [GMT 2:00]
ausgeführt von:: c:\users\ImperatorZwiebel\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-06 bis 2012-10-06  ))))))))))))))))))))))))))))))
.
.
2012-10-06 10:14 . 2012-10-06 10:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-06 10:10 . 2012-10-06 10:10	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-10-06 10:04 . 2012-10-06 10:04	--------	d-----w-	c:\program files\WinRAR
2012-10-06 09:51 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-10-06 09:51 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-10-06 09:51 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-10-06 09:51 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-10-06 09:51 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-10-06 09:51 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-10-06 09:40 . 2012-10-06 09:40	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-06 09:40 . 2012-10-06 09:40	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-06 09:40 . 2012-10-06 09:40	--------	d-----w-	c:\windows\SysWow64\Macromed
2012-10-06 09:40 . 2012-10-06 09:40	--------	d-----w-	c:\windows\system32\Macromed
2012-10-06 09:04 . 2012-10-06 09:04	--------	d-----w-	c:\programdata\Tunngle
2012-10-06 09:04 . 2009-09-16 06:02	31232	----a-w-	c:\windows\system32\drivers\tap0901t.sys
2012-10-06 08:58 . 2012-10-06 09:28	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-10-06 08:57 . 2012-10-06 08:57	--------	d-----w-	C:\Spiele
2012-10-06 08:57 . 2012-10-06 09:28	--------	d-----w-	C:\Steam
2012-10-06 08:44 . 2012-10-06 09:45	--------	d-----w-	c:\program files (x86)\SweetIM
2012-10-06 08:36 . 2012-10-06 10:10	--------	d-----w-	c:\programdata\Skype
2012-10-05 23:00 . 2012-10-05 22:25	--------	d-----w-	c:\windows\Panther
2012-10-05 22:53 . 2012-10-05 22:53	--------	d-----w-	c:\users\UpdatusUser
2012-10-05 22:52 . 2012-10-06 09:27	--------	d-----w-	c:\programdata\NVIDIA
2012-10-05 22:52 . 2012-10-05 22:53	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-10-05 22:52 . 2012-08-30 16:18	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-05 22:52 . 2012-08-30 16:18	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-10-05 22:52 . 2012-08-30 16:18	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-10-05 22:52 . 2012-08-30 16:18	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-10-05 22:52 . 2012-08-30 16:18	3266920	----a-w-	c:\windows\system32\nvsvc64.dll
2012-10-05 22:52 . 2012-08-30 16:17	6198120	----a-w-	c:\windows\system32\nvcpl.dll
2012-10-05 22:51 . 2012-10-05 22:51	--------	d-----w-	C:\temp
2012-10-05 22:51 . 2012-08-30 19:14	60776	----a-w-	c:\windows\system32\OpenCL.dll
2012-10-05 22:51 . 2012-08-30 19:14	52584	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-10-05 22:51 . 2012-10-05 22:51	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-10-05 22:49 . 2012-10-05 22:53	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-10-05 22:48 . 2012-10-05 22:48	--------	d-----w-	C:\NVIDIA
2012-10-05 22:45 . 2012-10-05 22:45	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45	289768	----a-w-	c:\windows\system32\javaws.exe
2012-10-05 22:45 . 2012-10-05 22:45	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-05 22:45 . 2012-10-05 22:45	189416	----a-w-	c:\windows\system32\javaw.exe
2012-10-05 22:45 . 2012-10-05 22:45	188904	----a-w-	c:\windows\system32\java.exe
2012-10-05 22:44 . 2012-10-01 15:14	129576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-05 22:44 . 2012-09-24 07:58	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-05 22:44 . 2012-09-13 13:52	99248	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-05 22:44 . 2012-10-05 22:44	--------	d-----w-	c:\programdata\Avira
2012-10-05 22:38 . 2012-10-06 10:10	--------	d-sh--w-	c:\windows\Installer
2012-10-05 22:38 . 2012-10-05 22:38	--------	d-----w-	c:\program files (x86)\Google
2012-10-05 22:26 . 2012-10-05 22:26	--------	d-----w-	c:\program files (x86)\EPSON
2012-10-05 22:25 . 2012-10-06 08:58	--------	d-----w-	c:\users\ImperatorZwiebel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 08:40 . 2012-08-30 08:40	429416	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\Steam.exe" [2012-10-06 1353080]
"Skype"="i:\skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="i:\avira\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R2 SkypeUpdate;Skype Updater;i:\skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 250288]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;i:\tunngle\TnglCtrl.exe [2012-10-02 743320]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;i:\avira\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 09:40]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-06  12:15:50
ComboFix-quarantined-files.txt  2012-10-06 10:15
ComboFix2.txt  2012-10-06 09:33
.
Vor Suchlauf: 14 Verzeichnis(se), 944.174.792.704 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 943.772.057.600 Bytes frei
.
- - End Of File - - 1DEB36D3E93A86653F781F9CDD079BF7
         
--- --- ---






3.
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-04.02 - ImperatorZwiebel 06.10.2012  11:30:11.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4087.2882 [GMT 2:00]
ausgeführt von:: c:\users\ImperatorZwiebel\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-06 bis 2012-10-06  ))))))))))))))))))))))))))))))
.
.
2012-10-06 09:32 . 2012-10-06 09:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-06 09:04 . 2012-10-06 09:04	--------	d-----w-	c:\programdata\Tunngle
2012-10-06 09:04 . 2009-09-16 06:02	31232	----a-w-	c:\windows\system32\drivers\tap0901t.sys
2012-10-06 08:58 . 2012-10-06 09:28	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-10-06 08:57 . 2012-10-06 08:57	--------	d-----w-	C:\Spiele
2012-10-06 08:57 . 2012-10-06 09:28	--------	d-----w-	C:\Steam
2012-10-06 08:44 . 2012-10-06 08:44	--------	d-----w-	c:\programdata\SweetIM
2012-10-06 08:44 . 2012-10-06 08:44	--------	d-----w-	c:\program files (x86)\SweetIM
2012-10-06 08:36 . 2012-10-06 08:36	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-10-06 08:36 . 2012-10-06 08:36	--------	d-----w-	c:\programdata\Skype
2012-10-05 23:00 . 2012-10-05 22:25	--------	d-----w-	c:\windows\Panther
2012-10-05 22:53 . 2012-10-05 22:53	--------	d-----w-	c:\users\UpdatusUser
2012-10-05 22:52 . 2012-10-06 09:27	--------	d-----w-	c:\programdata\NVIDIA
2012-10-05 22:52 . 2012-10-05 22:53	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-10-05 22:52 . 2012-08-30 16:18	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-05 22:52 . 2012-08-30 16:18	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-10-05 22:52 . 2012-08-30 16:18	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-10-05 22:52 . 2012-08-30 16:18	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-10-05 22:52 . 2012-08-30 16:18	3266920	----a-w-	c:\windows\system32\nvsvc64.dll
2012-10-05 22:52 . 2012-08-30 16:17	6198120	----a-w-	c:\windows\system32\nvcpl.dll
2012-10-05 22:51 . 2012-10-05 22:51	--------	d-----w-	C:\temp
2012-10-05 22:51 . 2012-08-30 19:14	60776	----a-w-	c:\windows\system32\OpenCL.dll
2012-10-05 22:51 . 2012-08-30 19:14	52584	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-10-05 22:51 . 2012-10-05 22:51	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-10-05 22:49 . 2012-10-05 22:53	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-10-05 22:48 . 2012-10-05 22:48	--------	d-----w-	C:\NVIDIA
2012-10-05 22:45 . 2012-10-05 22:45	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45	289768	----a-w-	c:\windows\system32\javaws.exe
2012-10-05 22:45 . 2012-10-05 22:45	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-05 22:45 . 2012-10-05 22:45	189416	----a-w-	c:\windows\system32\javaw.exe
2012-10-05 22:45 . 2012-10-05 22:45	188904	----a-w-	c:\windows\system32\java.exe
2012-10-05 22:44 . 2012-10-01 15:14	129576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-05 22:44 . 2012-09-24 07:58	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-05 22:44 . 2012-09-13 13:52	99248	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-05 22:44 . 2012-10-05 22:44	--------	d-----w-	c:\programdata\Avira
2012-10-05 22:38 . 2012-10-06 08:58	--------	d-sh--w-	c:\windows\Installer
2012-10-05 22:38 . 2012-10-05 22:38	--------	d-----w-	c:\program files (x86)\Google
2012-10-05 22:26 . 2012-10-05 22:26	--------	d-----w-	c:\program files (x86)\EPSON
2012-10-05 22:25 . 2012-10-06 08:58	--------	d-----w-	c:\users\ImperatorZwiebel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 08:40 . 2012-08-30 08:40	429416	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="i:\skype\Phone\Skype.exe" [2010-05-10 26959144]
"Steam"="c:\steam\Steam.exe" [2012-10-06 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="i:\avira\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;i:\tunngle\TnglCtrl.exe [2012-10-02 743320]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;i:\avira\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-06  11:33:27
ComboFix-quarantined-files.txt  2012-10-06 09:33
.
Vor Suchlauf: 14 Verzeichnis(se), 946.341.568.512 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 946.278.461.440 Bytes frei
.
- - End Of File - - DC19F7C945B5A794F61E1A5AEC2B60CD
         
--- --- ---


Alt 07.10.2012, 09:56   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
--> Virus Befall: e621ca05

Alt 07.10.2012, 10:11   #7
Onion99
 
Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.10.2012 11:05:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ImperatorZwiebel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 47,65% Memory free
7,98 Gb Paging File | 5,62 Gb Available in Paging File | 70,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905,41 Gb Total Space | 863,91 Gb Free Space | 95,42% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 16,55 Gb Free Space | 66,20% Space Free | Partition Type: NTFS
Drive I: | 186,31 Gb Total Space | 185,62 Gb Free Space | 99,63% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 71,20 Mb Free Space | 71,20% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 394,38 Gb Free Space | 28,23% Space Free | Partition Type: NTFS
 
Computer Name: PAUL-COMPUTER | User Name: ImperatorZwiebel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 11:03:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ImperatorZwiebel\Desktop\OTL.exe
PRC - [2012.09.25 11:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Avira\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Avira\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Avira\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.25 11:42:58 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
MOD - [2012.09.25 11:42:57 | 012,278,808 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012.09.25 11:42:55 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012.09.25 11:41:39 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012.09.25 11:41:38 | 000,123,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012.09.25 11:41:27 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012.09.25 11:41:26 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012.09.25 11:41:24 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.06 11:40:06 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.06 10:58:56 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.02 21:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- I:\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- I:\Avira\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- I:\Avira\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- I:\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.15 01:26:34 | 000,012,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\trustms.sys -- (trustms)
DRV:64bit: - [2010.04.07 12:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.31 03:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: I:\Java 64bit\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Stylish = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: AdBlock = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Night Time In New York City = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_0\
CHR - Extension: YouTube = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Stylish = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: AdBlock = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Night Time In New York City = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Java 64bit\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Java 64bit\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] I:\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Steam] C:\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7FFE5B6-7D0F-4FF0-A2FA-36DAE669EAA8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2012.10.07 11:03:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ImperatorZwiebel\Desktop\OTL.exe
[2012.10.06 17:42:59 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\LolClient
[2012.10.06 17:07:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.10.06 16:24:24 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\PMB Files
[2012.10.06 16:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.10.06 16:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.10.06 16:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.10.06 15:26:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.06 15:04:26 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Macromedia
[2012.10.06 15:04:25 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Adobe
[2012.10.06 12:33:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.06 12:28:41 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\ImperatorZwiebel\Desktop\ComboFix.exe
[2012.10.06 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.06 12:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.06 12:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.06 12:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.10.06 12:04:11 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\WinRAR
[2012.10.06 12:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.10.06 11:40:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.10.06 11:40:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.10.06 11:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.06 11:11:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.06 11:11:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.06 11:11:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.06 11:11:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.06 11:11:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.06 11:04:36 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2012.10.06 11:04:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2012.10.06 11:04:36 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\Documents\Tunngle
[2012.10.06 11:04:36 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Tunngle
[2012.10.06 11:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2012.10.06 11:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2012.10.06 10:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.10.06 10:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.10.06 10:57:34 | 000,000,000 | ---D | C] -- C:\Spiele
[2012.10.06 10:57:29 | 000,000,000 | ---D | C] -- C:\Steam
[2012.10.06 10:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2012.10.06 10:37:02 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Skype
[2012.10.06 10:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.10.06 01:00:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.10.06 00:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.10.06 00:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.10.06 00:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.10.06 00:51:48 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.10.06 00:51:48 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.10.06 00:51:48 | 000,000,000 | ---D | C] -- C:\temp
[2012.10.06 00:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.10.06 00:50:25 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Avira
[2012.10.06 00:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.10.06 00:48:58 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.10.06 00:44:52 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.06 00:44:52 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.06 00:44:52 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.06 00:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.06 00:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.10.06 00:38:21 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.10.06 00:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.10.06 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Google
[2012.10.06 00:38:03 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Apps
[2012.10.06 00:38:02 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Deployment
[2012.10.06 00:37:01 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\ElevatedDiagnostics
[2012.10.06 00:34:53 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\Desktop\Games
[2012.10.06 00:34:45 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\Desktop\Programme
[2012.10.06 00:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON
[2012.10.06 00:25:33 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.06 00:25:33 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Searches
[2012.10.06 00:25:33 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.06 00:25:27 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Identities
[2012.10.06 00:25:25 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Contacts
[2012.10.06 00:25:23 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\VirtualStore
[2012.10.06 00:25:10 | 000,000,000 | --SD | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Videos
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Saved Games
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Pictures
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Music
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Links
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Favorites
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Downloads
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Documents
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Desktop
[2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Vorlagen
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Verlauf
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Temporary Internet Files
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Startmenü
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\SendTo
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Recent
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Netzwerkumgebung
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Lokale Einstellungen
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Documents\Eigene Videos
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Documents\Eigene Musik
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Eigene Dateien
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Documents\Eigene Bilder
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Druckumgebung
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Cookies
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Anwendungsdaten
[2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Anwendungsdaten
[2012.10.06 00:25:10 | 000,000,000 | -H-D | C] -- C:\Users\ImperatorZwiebel\AppData
[2012.10.06 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Temp
[2012.10.06 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Microsoft
[2012.10.06 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Media Center Programs
[2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.10.06 00:04:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.06 00:02:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 11:03:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ImperatorZwiebel\Desktop\OTL.exe
[2012.10.07 10:52:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 10:48:38 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.07 10:44:37 | 000,019,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 10:44:37 | 000,019,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 09:16:26 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.07 09:16:26 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.07 09:16:26 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.07 09:16:26 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.07 09:16:26 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.07 09:14:38 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 09:12:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 09:11:49 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.06 16:01:25 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.06 15:11:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.06 15:11:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.06 12:28:53 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\ImperatorZwiebel\Desktop\ComboFix.exe
[2012.10.06 00:39:01 | 000,002,255 | ---- | M] () -- C:\Users\ImperatorZwiebel\Desktop\Google Chrome.lnk
[2012.10.06 00:06:39 | 000,207,887 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.10.06 00:06:39 | 000,207,887 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.10.06 00:04:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.06 15:11:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.06 15:11:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.06 11:40:07 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.06 11:11:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.06 11:11:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.06 11:11:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.06 11:11:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.06 11:11:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.06 10:45:21 | 000,000,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.10.06 10:45:21 | 000,000,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.10.06 10:45:21 | 000,000,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.10.06 00:50:40 | 000,016,366 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.10.06 00:39:01 | 000,002,255 | ---- | C] () -- C:\Users\ImperatorZwiebel\Desktop\Google Chrome.lnk
[2012.10.06 00:38:20 | 000,001,130 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.06 00:38:19 | 000,001,126 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.06 00:25:38 | 000,001,413 | ---- | C] () -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.06 00:25:34 | 000,001,447 | ---- | C] () -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.06 00:06:19 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.10.06 00:06:18 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.10.06 00:04:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.06 00:01:22 | 3214,233,600 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.03.31 08:59:24 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.06 17:42:59 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Roaming\LolClient
[2012.10.06 11:04:59 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Tunngle
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.06 15:26:29 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.03.11 20:49:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.09.11 08:50:19 | 000,000,000 | ---D | M] -- C:\Intel
[2009.09.11 09:41:07 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012.10.06 00:48:58 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.06 12:04:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.06 17:07:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.06 16:24:23 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.03.11 20:49:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.06 12:33:16 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.10.06 00:25:00 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.10.06 16:24:55 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.10.07 10:05:49 | 000,000,000 | ---D | M] -- C:\Steam
[2012.10.07 11:06:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.06 00:51:48 | 000,000,000 | ---D | M] -- C:\temp
[2012.10.06 00:53:12 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.06 16:53:24 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2012.10.06 10:58:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}
[2012.10.06 00:45:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F86417007FF}
[2012.10.06 00:53:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}
[2012.10.06 12:10:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
 
< %localappdata%\*. /5 >
[2012.10.06 00:25:10 | 000,000,000 | -HSD | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Anwendungsdaten
[2012.10.06 00:38:03 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Apps
[2012.10.06 00:38:15 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Deployment
[2012.10.06 00:37:01 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\ElevatedDiagnostics
[2012.10.06 00:39:01 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Google
[2012.10.06 00:41:39 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Microsoft
[2012.10.06 20:59:11 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\PMB Files
[2012.10.07 11:05:17 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Temp
[2012.10.06 00:25:10 | 000,000,000 | -HSD | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Temporary Internet Files
[2012.10.06 00:25:10 | 000,000,000 | -HSD | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Verlauf
[2012.10.06 00:25:23 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\VirtualStore

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.10.2012 11:05:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ImperatorZwiebel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 47,65% Memory free
7,98 Gb Paging File | 5,62 Gb Available in Paging File | 70,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905,41 Gb Total Space | 863,91 Gb Free Space | 95,42% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 16,55 Gb Free Space | 66,20% Space Free | Partition Type: NTFS
Drive I: | 186,31 Gb Total Space | 185,62 Gb Free Space | 99,63% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 71,20 Mb Free Space | 71,20% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 394,38 Gb Free Space | 28,23% Space Free | Partition Type: NTFS
 
Computer Name: PAUL-COMPUTER | User Name: ImperatorZwiebel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0549EFCD-21E4-486A-8CDF-B2EC4A6B8C5C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{33EE8E61-8612-4E86-9BD0-D60E316226A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46535614-116A-4E4A-A7F3-C4E0ACAB545F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4B92FD5B-A670-4C9B-BC91-3D0D97D9D081}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5BB130F3-1771-420E-BBB0-CF677C350D67}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6802B644-B61E-4544-B05A-8CAEF36E467C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{69B0B5BD-6F5E-48B3-AEE2-FC30213661F7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7A44314B-181B-440F-A2A2-7F7AF0438AB6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{82BE2D1B-8EE8-4559-932F-0E577EC63A3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9588FF64-8C19-4890-BF9D-DDECF801DC82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9ECD393-786A-40B4-A707-639E7D8909A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BFEFA69E-C7B2-438A-AA46-052934211862}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C09C7810-B4CD-41DB-A195-D9A6C6FF2B1F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C9361CF5-67BC-42CC-A3E9-20C7C712549E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CB8C2ACB-E0F2-4731-A2B0-57DF7833537E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DDC99DA9-CB6A-453A-85C1-A6A9F3D79DCD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DF2DCB21-A58B-4937-A360-4EB0F67DA7B0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E28AED46-9BCF-411E-8D5F-4FAFC7482342}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E7AD2F24-4623-4206-9545-6E4653C8FF4A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F528A60A-D88E-4403-887A-4C34DC004662}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F6235B31-7762-48F7-9B1B-332C82201A3E}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C326C0-67CC-4454-AE4D-581D0B285E5C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{05B4136D-602D-4B06-B301-9EC24B74EAC5}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{12150CAA-ED5C-45F2-888B-144CA5475BE9}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{1E7B0F03-278A-4D24-9600-33B7C1C79A66}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{20E1378F-EC59-453F-86F8-032F633B9FF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{34D8188E-8854-4ACC-B05D-A0530E49724B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{35FF6326-B9C2-4DE4-A7D6-87B483E52208}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{427659D9-2D9E-4A4D-AC4F-863DA4EDF55B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{459A6360-0450-41A8-9AD3-18E5D2BAC977}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4FD7B6DE-8F2C-4AB1-A087-8CA72A9C5A02}" = protocol=17 | dir=in | app=c:\steam\steam.exe | 
"{51F46420-C405-45D0-A858-6C5A063B2BF8}" = protocol=6 | dir=in | app=i:\tunngle\tnglctrl.exe | 
"{66BA28E5-22DF-4951-B4DA-061506279DC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B2FD684-2AED-4FBE-A604-E33DB2E33E3E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80CE6BB2-3FA8-442F-8894-06B0F093A69B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{84293778-7F1B-4B73-9D6A-2FFEC68F61E9}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{88D7B54D-06EA-4670-A4B7-C3F0E4BD7757}" = protocol=6 | dir=out | app=system | 
"{97FBFB53-70AD-4677-BF89-E5F6E039CAE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9AB9D3C9-7AC3-4737-88EF-0CBCE86093FC}" = dir=in | app=i:\skype\phone\skype.exe | 
"{9E52B7FC-F4EF-4B60-8367-A0DB1ECC3FB0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A619BA6F-8B59-49AA-88ED-2894D9457F64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A65420B2-771E-49B2-812F-5B2AF2CC0B8B}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{A8EF1B16-81F4-4544-89C5-55B8FC6FAEA5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AB3CA8D9-5683-4147-A8D8-A290154D8735}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD95F708-F6EE-429F-85E3-65134E5F7D2C}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{B9586014-7B60-49E3-A6B1-AF8FF321875D}" = protocol=6 | dir=in | app=i:\tunngle\tunngle.exe | 
"{BD9E021C-3A2D-4C1D-8E72-24A46235D17E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BDF4B3F1-17DF-45B6-B86F-D9CF6CFB6C7D}" = protocol=6 | dir=in | app=c:\steam\steam.exe | 
"{C4020652-309A-43A7-B97E-041CA8B608B5}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{D1256E8D-287D-49DE-B32F-987CEE1EC598}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2A31B3E-D3C2-450F-9E51-ABAF6C7B66A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5BE3817-BBF4-4F90-9600-3FB36FA90904}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DD60616B-873A-4AB2-8980-3D9768756545}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DE1C63F0-857F-4CAB-96C2-4F13F71D2827}" = protocol=17 | dir=in | app=i:\tunngle\tunngle.exe | 
"{DF47A6E9-8BCF-4DB6-8C66-A6CF16A9F304}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DFB81E2C-797D-4CD4-8E73-BE0E90DCD309}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E15D3877-FA12-4569-AB91-19F7CA4B194D}" = protocol=17 | dir=in | app=i:\tunngle\tnglctrl.exe | 
"{E1F70EE2-AAA4-46AF-A2FF-10AF2BE24C00}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{177BDDF9-38E7-434F-86AC-5E660792BCF9}I:\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=i:\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{E1A9C2BB-F7B1-46CD-BD58-48D8875C8340}I:\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=i:\jdownloader\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 1250" = Killing Floor
"Tunngle beta_is1" = Tunngle beta
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.10.2012 05:04:48 | Computer Name = Paul-Computer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.10.2012 05:28:38 | Computer Name = Paul-Computer | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.10.2012 09:12:06 | Computer Name = Paul-Computer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.10.2012 09:59:43 | Computer Name = Paul-Computer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvSCPAPISvr.exe, Version: 7.17.13.623,
 Zeitstempel: 0x503f8803  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74f56c9c  ID des fehlerhaften
 Prozesses: 0x304  Startzeit der fehlerhaften Anwendung: 0x01cda3a4dc6eab2d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 13a4c07c-0fbe-11e2-a36a-4061862d9a25
 
Error - 06.10.2012 09:59:50 | Computer Name = Paul-Computer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.10.8.0, Zeitstempel:
 0x503f86dd  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74f56c9c  ID des fehlerhaften Prozesses:
 0xf5c  Startzeit der fehlerhaften Anwendung: 0x01cda3a534999b48  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 17ccc796-0fbe-11e2-a36a-4061862d9a25
 
Error - 06.10.2012 09:59:52 | Computer Name = Paul-Computer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sched.exe, Version: 13.4.0.184, Zeitstempel:
 0x50616a94  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74f56c9c  ID des fehlerhaften Prozesses:
 0x738  Startzeit der fehlerhaften Anwendung: 0x01cda3cadba43d03  Pfad der fehlerhaften
 Anwendung: I:\Avira\Avira\AntiVir Desktop\sched.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 19558aa4-0fbe-11e2-a36a-4061862d9a25
 
Error - 06.10.2012 10:02:41 | Computer Name = Paul-Computer | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.10.2012 10:50:50 | Computer Name = Paul-Computer | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.10.2012 10:54:31 | Computer Name = Paul-Computer | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.10.2012 03:13:40 | Computer Name = Paul-Computer | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 06.10.2012 10:02:31 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%16405
 
Error - 06.10.2012 10:05:06 | Computer Name = Paul-Computer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 8 unter
 Windows 7 für x64-basierte Systeme (KB2544521)
 
Error - 06.10.2012 10:05:06 | Computer Name = Paul-Computer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für
 Internet Explorer*8 für Windows 7 für x64-basierte Systeme (KB2598845)
 
Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "wscsvc" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit
 dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 06.10.2012 10:51:58 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
 
< End of report >
         
--- --- ---

Alt 07.10.2012, 17:42   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Hi,

Was ist Dein Laufwerk I: ??
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.10.2012, 20:29   #9
Onion99
 
Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



I: ist meine Externe festplatte wo ich nur programme drauf mache
C: die ganz normale
K: ist auch eine Externe
D: ist Recovery
J: hatte ich vorher noch nie das ist seid ich windows neu aufgesetzt habe aufeinmal da

Alt 07.10.2012, 20:32   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Alles anklemmen was Du hast und dran lassen.

Mach nen VollScan mit Malwarebytes Antimalware, guck dass alle Laufwerke angehakt sind.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.10.2012, 21:19   #11
Onion99
 
Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Das Programm sagt mit das nichts infiziert ist

Alt 08.10.2012, 06:19   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Logfile?



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.10.2012, 14:59   #13
Onion99
 
Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ImperatorZwiebel :: PAUL-COMPUTER [Administrator]

08.10.2012 15:31:03
mbam-log-2012-10-08 (15-31-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 325390
Laufzeit: 27 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 08.10.2012, 15:37   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Dann noch den Onlinescan, auch hier alle Platten anschliessen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.10.2012, 15:52   #15
Onion99
 
Virus Befall: e621ca05 - Standard

Virus Befall: e621ca05



Gerade fertig geworden


K:\Filme.lnk Win32/Dorkbot.D worm
K:\Musik.lnk Win32/Dorkbot.D worm
K:\Navigon.Blitzer.06.2012.lnk Win32/Dorkbot.D worm
K:\Navigon.lnk Win32/Dorkbot.D worm
K:\NAVIGON.MAPS.Q2.2012.lnk Win32/Dorkbot.D worm
K:\Paul.lnk Win32/Dorkbot.D worm
K:\Sendungen.lnk Win32/Dorkbot.D worm
K:\Sorglospaket.v8.lnk Win32/Dorkbot.D worm
K:\Sound.lnk Win32/Dorkbot.D worm
K:\System Volume Information.lnk Win32/Dorkbot.D worm

Antwort

Themen zu Virus Befall: e621ca05
64bit, babylontoolbar, befall, file, forum, geholfen, gesuch, gesucht, guten, home, home premium, icreinstall, installiere, installieren, jdownloader, log, log file, neu, online, premium, scan, scanner, schei, schritte, virus, win32/installcore.d, windows, windows 7, würde



Ähnliche Themen: Virus Befall: e621ca05


  1. Virus befall von BKA-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 10.11.2014 (3)
  2. WIN / 32 bit BKA .BK .BPD Virus Befall
    Log-Analyse und Auswertung - 18.02.2014 (11)
  3. recycler/e621ca05.exe auf Laptop/ externer Festplatte, SD-Karte
    Log-Analyse und Auswertung - 09.12.2013 (11)
  4. C:\windows\system32RECYCLER\e621ca05.exe
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (29)
  5. virus befall ???
    Log-Analyse und Auswertung - 28.05.2013 (3)
  6. F:\RECYCLER\e621ca05.exe
    Log-Analyse und Auswertung - 28.03.2013 (21)
  7. recycler/e621ca05.exe auf meiner SD-Karte
    Plagegeister aller Art und deren Bekämpfung - 14.12.2012 (20)
  8. Verschlüsselungstrojaner e621ca05
    Plagegeister aller Art und deren Bekämpfung - 22.11.2012 (38)
  9. Trojaner e621ca05.exe auf externer Festplatte. Ist auch mein Rechner befallen?
    Log-Analyse und Auswertung - 21.11.2012 (10)
  10. ,,Recycler/e621ca05.exe könnte nicht gefunden werden" auf externe Festplatte
    Alles rund um Windows - 19.10.2012 (1)
  11. e621ca05- externe Festplatte nicht erreichbar
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (3)
  12. Ext. Fesplatte zeigt nur noch Verknüpfungen (e621ca05.exe)
    Log-Analyse und Auswertung - 12.09.2012 (3)
  13. recycler e621ca05.exe auf Externer Festplatte
    Log-Analyse und Auswertung - 21.05.2012 (11)
  14. recycler/e621ca05.exe
    Plagegeister aller Art und deren Bekämpfung - 15.04.2012 (3)
  15. Fehler bei Speicherkarten durch G:\RECYCLER\e621ca05.exe
    Log-Analyse und Auswertung - 31.03.2012 (29)
  16. BKA-Virus-Befall: OTL.log
    Log-Analyse und Auswertung - 12.08.2011 (1)
  17. Virus-Befall?
    Plagegeister aller Art und deren Bekämpfung - 06.02.2011 (3)

Zum Thema Virus Befall: e621ca05 - Guten Tag, ich habe im forum schon gesucht und habe auch schon die schritte befolgt mein virus ist anscheinend diese e621ca05 exe den online scanner benutze ich gerade und werde - Virus Befall: e621ca05...
Archiv
Du betrachtest: Virus Befall: e621ca05 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.