12.03.2013, 02:59   #1
Win.Trojan.Agent-228583, Win.Trojan.Expiro-1161 and Win.Trojan.Agent-232649



My girlfriend apparently caught something nasty on some Ford Taunus fan site.
Unfortunately I wasn't home at the time. She said she wanted to download a zip file. After that the system was unusably slow and Firefox redirected everything to dubious sites.

Win 7 up to date + Security Essentials

First I ran a scan with Desinfect; the first scan returned no results. After 2 days I decided to scan again and, lo and behold, it found quite a lot (the computer had not been switched on in the meantime!).

Unfortunately I can't find anything helpful online, and I'm also afraid of starting Windows and causing further damage.

For now I've had all the files tagged with .VIRUS; there shouldn't really be any important system files among them.

Can the system still be saved, or should I back up everything important and reinstall? (I vaguely remember that this once caused problems because of the Windows user management?)

Do I need to worry about other computers that were on the network?

Many thanks in advance for your efforts!

Regards, M.H.

Infected file | File in archive, if applicable | Detected by Avira | Detected by Bitdefender | Detected by ClamAV | Detected by Kaspersky

/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20565_none_610aea6876e58b53/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16447_none_6098ee095db5e655/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20551_none_6111b92c76e10a06/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Program Files/Microsoft Office/Office12/POWERPNT.EXE Win.Trojan.Agent-232649
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20553_none_6113b9c076df3cb4/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16457_none_608e1e1d5dbe0246/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16455_none_608c1d895dbfcf98/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7600.16385_none_abb2bcfa5b01dea9/msinfo32.exe Win.Trojan.Expiro-1161
/media/F4AAA8A5AAA86638/Windows/System32/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20562_none_6107e98a76e83f4e/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7600.16385_none_861b553e4c3473c1/msinfo32.exe Win.Trojan.Expiro-1161
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20557_none_6117bae876dba210/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16446_none_6097edbf5db6ccfe/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20573_none_60fe19e876ef7496/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20554_none_6114ba0a76de560b/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16450_none_60871c175dc450e5/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16448_none_6099ee535db4ffac/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16464_none_60804d535dc8d232/mshtmled.dll Win.Trojan.Agent-228583

13.03.2013, 13:41   #3


I think Desinfect has already done a good job. After the renaming to .VIRUS nothing triggered any more.
Why don't the scanners find the stuff any more, because of the .VIRUS? It's still on the disk, after all.

I had to reactivate Windows because the key was gone; it had said something about system files having been modified.
MSSE didn't want to work any more either, but I think that was down to the missing key, since MSSE acts up right away in that case. I uninstalled it and installed Avira, which is running now.

 Malwarebytes Anti-Malware  (Test)

Datenbank Version: v2013.03.12.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
silwi :: SILWI-PC [Administrator]

Schutz: Aktiviert

12.03.2013 11:33:34
mbam-log-2013-03-12 (11-33-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 193559
Laufzeit: 8 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

aswMBR version Copyright(c) 2011 AVAST Software
Run date: 2013-03-12 18:48:31
18:48:31.033    OS Version: Windows 6.1.7601 Service Pack 1
18:48:31.033    Number of processors: 2 586 0x6802
18:48:31.033    ComputerName: SILWI-PC  UserName: silwi
18:48:32.063    Initialize success
18:48:46.680    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:48:46.695    Disk 0 Vendor: FUJITSU_MHX2300BT 0000000B Size: 286168MB BusType: 3
18:48:46.742    Disk 0 MBR read successfully
18:48:46.758    Disk 0 MBR scan
18:48:46.758    Disk 0 Windows 7 default MBR code
18:48:46.789    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:48:46.883    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        30620 MB offset 206848
18:48:46.961    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        92160 MB offset 62916608
18:48:46.992    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       163286 MB offset 251660288
18:48:47.007    Disk 0 scanning sectors +586070016
18:48:47.085    Disk 0 scanning C:\Windows\system32\drivers
18:48:55.634    Service scanning
18:49:06.320    Service MpKsld52a7ae9 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{018D72E6-52BC-4CD2-8F40-DAC5FF696793}\MpKsld52a7ae9.sys **LOCKED** 32
18:49:14.074    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:49:20.267    Modules scanning
18:49:34.088    Disk 0 trace - called modules:
18:49:34.120    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x854db1f8]<<
18:49:34.120    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86388648]
18:49:34.135    3 CLASSPNP.SYS[8b78559e] -> nt!IofCallDriver -> [0x8623d8d8]
18:49:34.135    5 ACPI.sys[8b1593d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85515610]
18:49:34.151    \Driver\atapi[0x8622bc50] -> IRP_MJ_CREATE -> 0x854db1f8
18:49:34.151    Scan finished successfully
18:50:17.737    Disk 0 MBR has been saved successfully to "I:\MBR.dat"
18:50:17.753    The log file has been saved successfully to "I:\aswMBR.txt"

18:50:33.0914 2396  TDSS rootkit removing tool Feb 11 2013 18:50:42
18:50:34.0242 2396  ============================================================
18:50:34.0242 2396  Current date / time: 2013/03/12 18:50:34.0242
18:50:34.0242 2396  SystemInfo:
18:50:34.0242 2396  
18:50:34.0242 2396  OS Version: 6.1.7601 ServicePack: 1.0
18:50:34.0242 2396  Product type: Workstation
18:50:34.0242 2396  ComputerName: SILWI-PC
18:50:34.0242 2396  UserName: silwi
18:50:34.0242 2396  Windows directory: C:\Windows
18:50:34.0242 2396  System windows directory: C:\Windows
18:50:34.0242 2396  Processor architecture: Intel x86
18:50:34.0242 2396  Number of processors: 2
18:50:34.0258 2396  Page size: 0x1000
18:50:34.0258 2396  Boot type: Normal boot
18:50:34.0258 2396  ============================================================
18:50:36.0847 2396  Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:50:36.0847 2396  Drive \Device\Harddisk1\DR1 - Size: 0x1E0BFFE00 (7.51 Gb), SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:50:36.0863 2396  ============================================================
18:50:36.0863 2396  \Device\Harddisk0\DR0:
18:50:36.0863 2396  MBR partitions:
18:50:36.0863 2396  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:50:36.0863 2396  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3BCE000
18:50:36.0863 2396  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3C00800, BlocksNum 0xB400000
18:50:36.0863 2396  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xF000800, BlocksNum 0x13EEB000
18:50:36.0863 2396  \Device\Harddisk1\DR1:
18:50:36.0863 2396  MBR partitions:
18:50:36.0863 2396  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F00, BlocksNum 0xF020FF
18:50:36.0863 2396  ============================================================
18:50:36.0863 2396  C: <-> \Device\Harddisk0\DR0\Partition2
18:50:36.0894 2396  D: <-> \Device\Harddisk0\DR0\Partition3
18:50:36.0925 2396  E: <-> \Device\Harddisk0\DR0\Partition4
18:50:36.0925 2396  ============================================================
18:50:36.0925 2396  Initialize success
18:50:36.0925 2396  ============================================================
18:51:48.0311 2820  ============================================================
18:51:48.0311 2820  Scan started
18:51:48.0311 2820  Mode: Manual; TDLFS; 
18:51:48.0311 2820  ============================================================
18:51:48.0654 2820  ================ Scan system memory ========================
18:51:48.0654 2820  System memory - ok
18:51:48.0654 2820  ================ Scan services =============================
18:52:09.0496 2820  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:52:09.0496 2820  Wd - ok
18:52:09.0558 2820  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:52:09.0558 2820  Wdf01000 - ok
18:52:09.0589 2820  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:52:09.0589 2820  WdiServiceHost - ok
18:52:09.0605 2820  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:52:09.0605 2820  WdiSystemHost - ok
18:52:09.0652 2820  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
18:52:09.0652 2820  WebClient - ok
18:52:09.0667 2820  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:52:09.0683 2820  Wecsvc - ok
18:52:09.0699 2820  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:52:09.0699 2820  wercplsupport - ok
18:52:09.0745 2820  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:52:09.0761 2820  WerSvc - ok
18:52:09.0823 2820  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:52:09.0823 2820  WfpLwf - ok
18:52:09.0855 2820  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:52:09.0855 2820  WIMMount - ok
18:52:09.0948 2820  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:52:09.0964 2820  WinDefend - ok
18:52:09.0979 2820  WinHttpAutoProxySvc - ok
18:52:10.0057 2820  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:52:10.0057 2820  Winmgmt - ok
18:52:10.0120 2820  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
18:52:10.0167 2820  WinRM - ok
18:52:10.0229 2820  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:52:10.0229 2820  WinUsb - ok
18:52:10.0291 2820  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:52:10.0291 2820  Wlansvc - ok
18:52:10.0307 2820  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:52:10.0307 2820  WmiAcpi - ok
18:52:10.0338 2820  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:52:10.0338 2820  wmiApSrv - ok
18:52:10.0447 2820  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:52:10.0479 2820  WMPNetworkSvc - ok
18:52:10.0494 2820  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:52:10.0494 2820  WPCSvc - ok
18:52:10.0525 2820  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:52:10.0541 2820  WPDBusEnum - ok
18:52:10.0572 2820  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:52:10.0572 2820  ws2ifsl - ok
18:52:10.0588 2820  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:52:10.0603 2820  wscsvc - ok
18:52:10.0603 2820  WSearch - ok
18:52:10.0759 2820  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:52:10.0775 2820  wuauserv - ok
18:52:10.0822 2820  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:52:10.0822 2820  WudfPf - ok
18:52:10.0869 2820  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:52:10.0869 2820  WUDFRd - ok
18:52:10.0915 2820  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:52:10.0915 2820  wudfsvc - ok
18:52:10.0947 2820  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:52:10.0947 2820  WwanSvc - ok
18:52:10.0993 2820  ================ Scan global ===============================
18:52:11.0040 2820  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:52:11.0087 2820  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:52:11.0118 2820  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:52:11.0149 2820  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:52:11.0165 2820  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:52:11.0181 2820  [Global] - ok
18:52:11.0181 2820  ================ Scan MBR ==================================
18:52:11.0196 2820  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:52:11.0493 2820  \Device\Harddisk0\DR0 - ok
18:52:11.0508 2820  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
18:52:11.0664 2820  \Device\Harddisk1\DR1 - ok
18:52:11.0664 2820  ================ Scan VBR ==================================
18:52:11.0664 2820  [ CEB7EC5C4E349ADD79854660F41A5854 ] \Device\Harddisk0\DR0\Partition1
18:52:11.0664 2820  \Device\Harddisk0\DR0\Partition1 - ok
18:52:11.0695 2820  [ 535EFE5D8C01C49A04DC921D3FAA0526 ] \Device\Harddisk0\DR0\Partition2
18:52:11.0711 2820  \Device\Harddisk0\DR0\Partition2 - ok
18:52:11.0727 2820  [ 5DD2BFBB35F4C4DC8B88586F8FEE225C ] \Device\Harddisk0\DR0\Partition3
18:52:11.0727 2820  \Device\Harddisk0\DR0\Partition3 - ok
18:52:11.0758 2820  [ 4FFE01062CCB262B80A2EBEF0E99B6BE ] \Device\Harddisk0\DR0\Partition4
18:52:11.0758 2820  \Device\Harddisk0\DR0\Partition4 - ok
18:52:11.0758 2820  [ 8C8B8D331534371B0D7964B7CC5D2F95 ] \Device\Harddisk1\DR1\Partition1
18:52:11.0758 2820  \Device\Harddisk1\DR1\Partition1 - ok
18:52:11.0773 2820  ============================================================
18:52:11.0773 2820  Scan finished
18:52:11.0773 2820  ============================================================
18:52:11.0789 3332  Detected object count: 1
18:52:11.0789 3332  Actual detected object count: 1
18:52:36.0437 3332  sptd ( LockedFile.Multi.Generic ) - skipped by user
18:52:36.0437 3332  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Malwarebytes Anti-Rootkit BETA

Database version: v2013.03.12.07

Windows 7 Service Pack 1 x86 FAT32
Internet Explorer 9.0.8112.16421
silwi :: SILWI-PC [administrator]

12.03.2013 19:31:26
mbar-log-2013-03-12 (19-31-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27641
Time elapsed: 11 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Is there anything else I can do to be on the safe side?

A big thank-you to you already!

Win.Trojan.Agent-228583, Win.Trojan.Expiro-1161 and Win.Trojan.Agent-232649

Before we get to work, I would ask you to read the following points completely and carefully.
  • Read carefully through the instructions I will post over the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, such as Malwarebytes, are always to be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.

First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box for Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
Please always post log files in CODE tags

So, here are the OTL logs. Is there some way to buy you a beer?

OTL logfile created on: 13.03.2013 13:47:48 - Run 1
OTL by OldTimer - Version     Folder = E:\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,91 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 53,29% Memory free
5,81 Gb Paging File | 4,15 Gb Available in Paging File | 71,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,90 Gb Total Space | 2,74 Gb Free Space | 9,15% Space Free | Partition Type: NTFS
Drive D: | 90,00 Gb Total Space | 64,31 Gb Free Space | 71,46% Space Free | Partition Type: NTFS
Drive E: | 159,46 Gb Total Space | 158,68 Gb Free Space | 99,51% Space Free | Partition Type: NTFS
Computer Name: SILWI-PC | User Name: silwi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - E:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\vsnp2std.exe (Sonix)
========== Modules (No Company Name) ==========
MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll ()
MOD - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3512.36924__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3512.36804__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3512.36880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3512.36823__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3512.36875__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3512.36818__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3512.36812__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3512.36907__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3512.36906__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3512.36910__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3512.36906__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3512.36894__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3512.36861__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3512.36894__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3512.36862__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3512.36812__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3512.36856__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3512.36861__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3512.36895__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3512.36893__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3512.36847__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3512.36920__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3512.36849__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3512.36876__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3512.36824__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3512.36869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3512.36848__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3512.36855__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3512.36829__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3512.36824__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3512.36854__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3512.36848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3512.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3512.36854__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3512.36828__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3512.36848__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3512.36855__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3512.36919__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3512.36900__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3512.36801__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3512.36883__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3512.36817__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3512.36889__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3512.36887__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3512.36803__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3512.36808__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3512.36800__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3512.36801__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3512.36801__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3512.36889__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (motandroidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 56 C2 DF 10 1F CE 01  [binary data]
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: firenes%40facundo.zaldo:2.0.2
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.99
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:
FF - prefs.js..network.proxy.autoconfig_url: "https://secure.premiumize.me/2463c6bf50d344127fa8158d581f453d/proxy.pac"
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.09 23:12:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013.02.27 13:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013.03.12 21:23:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013.02.27 13:21:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013.03.12 21:23:43 | 000,000,000 | ---D | M]
[2009.11.08 19:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\Extensions
[2013.02.24 12:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\Firefox\Profiles\lji63exj.default\extensions
[2010.07.24 11:34:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\silwi\AppData\Roaming\mozilla\Firefox\Profiles\lji63exj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.24 12:44:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\silwi\AppData\Roaming\mozilla\Firefox\Profiles\lji63exj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.24 12:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\Firefox\Profiles\lji63exj.default\extensions\staged
[2012.01.03 13:59:50 | 000,071,254 | R--- | M] () (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\firefox\profiles\lji63exj.default\extensions\firenes@facundo.zaldo.xpi
[2013.02.24 12:44:16 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\firefox\profiles\lji63exj.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.01.03 17:00:07 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\firefox\profiles\lji63exj.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013.02.14 23:56:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\firefox\profiles\lji63exj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2009.12.04 19:46:33 | 000,001,626 | ---- | M] () -- C:\Users\silwi\AppData\Roaming\mozilla\firefox\profiles\lji63exj.default\searchplugins\mozilla-add-ons.xml
O1 HOSTS File: ([2010.10.27 22:03:06 | 000,002,402 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 3dns.adobe.com 
O1 - Hosts: 3dns-1.adobe.com 
O1 - Hosts: 3dns-2.adobe.com 
O1 - Hosts: 3dns-3.adobe.com 
O1 - Hosts: 3dns-4.adobe.com 
O1 - Hosts: activate.adobe.com 
O1 - Hosts: activate-sea.adobe.com 
O1 - Hosts: activate-sea.adobe.com 
O1 - Hosts: activate-sjc0.adobe.com 
O1 - Hosts: activate.wip.adobe.com 
O1 - Hosts: activate.wip1.adobe.com 
O1 - Hosts: activate.wip2.adobe.com 
O1 - Hosts: activate.wip3.adobe.com 
O1 - Hosts: activate.wip4.adobe.com 
O1 - Hosts: adobe-dns.adobe.com 
O1 - Hosts: adobe-dns-1.adobe.com 
O1 - Hosts: adobe-dns-2.adobe.com 
O1 - Hosts: adobe-dns-3.adobe.com 
O1 - Hosts: adobe-dns-4.adobe.com 
O1 - Hosts: crl.verisign.net 
O1 - Hosts: ood.opsource.net 
O1 - Hosts: 209-34-83-73.ood.opsource.net 
O1 - Hosts: practivate.adobe 
O1 - Hosts: practivate.adobe 
O1 - Hosts: 24 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1301914460-2819278184-866932503-1000..\Run: [rgamx] C:\Users\silwi\AppData\Roaming\brcoinst9.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\silwi\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\silwi\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6FE873F-C04C-4674-B5CC-F53C334CFA48}: DhcpNameServer =
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d982634-1b7b-11e0-86da-00158307ca40}\Shell - "" = AutoRun
O33 - MountPoints2\{2d982634-1b7b-11e0-86da-00158307ca40}\Shell\AutoRun\command - "" = H:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.12 21:25:29 | 000,000,000 | ---D | C] -- C:\Users\silwi\AppData\Roaming\Avira
[2013.03.12 21:22:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.12 21:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.12 21:14:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.12 21:14:35 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.12 21:14:35 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.12 21:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.12 21:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.12 19:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.03.12 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2013.03.12 11:32:19 | 000,000,000 | ---D | C] -- C:\Users\silwi\AppData\Roaming\Malwarebytes
[2013.03.12 11:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.12 11:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.12 11:31:58 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.12 11:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.12 11:31:43 | 000,000,000 | ---D | C] -- C:\Users\silwi\AppData\Local\Programs
[2013.02.28 06:55:11 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.28 06:54:42 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.28 06:54:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 06:54:28 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 06:54:28 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 06:54:26 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.28 06:54:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 06:54:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 06:54:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 06:54:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 06:54:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 06:54:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 06:54:10 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.28 06:54:09 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.28 06:54:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.28 06:54:08 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.28 06:54:08 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.28 06:54:08 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.28 06:54:08 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.28 06:54:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.28 06:54:07 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.28 06:54:07 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.28 06:54:07 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.28 06:54:07 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.28 06:54:05 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.24 02:15:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013.02.20 22:17:09 | 000,000,000 | ---D | C] -- C:\Users\silwi\dwhelper
[2013.02.17 13:41:16 | 000,000,000 | ---D | C] -- C:\Users\silwi\Application Data
[2013.02.14 00:33:43 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 00:33:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 00:33:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 00:33:40 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 00:33:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 00:33:38 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 00:33:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 00:33:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 20:16:45 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 20:16:42 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.13 20:16:39 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 20:16:38 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.13 20:16:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
========== Files - Modified Within 30 Days ==========
[2013.03.13 13:35:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 13:34:59 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 13:34:59 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.13 13:34:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.12 21:39:06 | 000,000,458 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.03.12 21:26:52 | 000,006,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 21:26:52 | 000,006,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 21:23:44 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.03.12 21:18:54 | 2339,799,040 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.12 21:14:54 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.12 21:12:22 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.12 21:12:22 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.12 21:12:22 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.12 21:12:21 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.12 21:08:59 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.03.12 19:37:29 | 000,001,072 | ---- | M] () -- C:\Users\silwi\Desktop\EVEREST Home Edition.lnk
[2013.03.12 11:32:10 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 11:51:57 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.02 11:51:57 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.02 11:51:57 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.02 11:51:57 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.01 22:07:22 | 000,007,598 | ---- | M] () -- C:\Users\silwi\AppData\Local\Resmon.ResmonCfg
[2013.03.01 18:45:18 | 000,155,648 | RHS- | M] () -- C:\Users\silwi\AppData\Roaming\brcoinst9.dll
[2013.02.20 22:36:35 | 015,178,713 | ---- | M] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders _Call Me Maybe_ vs U.S. Troops _-1.mp4
[2013.02.20 22:31:31 | 000,000,419 | ---- | M] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders _Call Me Maybe_ vs U.S. Troops _.mp4
[2013.02.20 22:27:53 | 051,771,720 | ---- | M] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders Call Me Maybe imitaded by americ.mp4
[2013.02.17 13:37:52 | 000,000,244 | ---- | M] () -- C:\Users\silwi\.swfinfo
[2013.02.14 18:50:10 | 003,652,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.03.12 21:39:06 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.03.12 21:22:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013.03.12 21:22:45 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.03.12 21:14:54 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.12 19:37:29 | 000,001,072 | ---- | C] () -- C:\Users\silwi\Desktop\EVEREST Home Edition.lnk
[2013.03.12 11:32:35 | 000,006,592 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 11:32:34 | 000,006,592 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 11:32:10 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 18:45:17 | 000,155,648 | RHS- | C] () -- C:\Users\silwi\AppData\Roaming\brcoinst9.dll
[2013.02.20 22:35:18 | 015,178,713 | ---- | C] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders _Call Me Maybe_ vs U.S. Troops _-1.mp4
[2013.02.20 22:31:30 | 000,000,419 | ---- | C] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders _Call Me Maybe_ vs U.S. Troops _.mp4
[2013.02.20 22:21:51 | 051,771,720 | ---- | C] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders Call Me Maybe imitaded by americ.mp4
[2013.02.17 13:37:52 | 000,000,244 | ---- | C] () -- C:\Users\silwi\.swfinfo
[2011.06.25 20:34:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.06.28 21:48:30 | 000,007,598 | ---- | C] () -- C:\Users\silwi\AppData\Local\Resmon.ResmonCfg
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
OTL Extras logfile created on: 13.03.2013 13:47:48 - Run 1
OTL by OldTimer - Version     Folder = E:\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,91 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 53,29% Memory free
5,81 Gb Paging File | 4,15 Gb Available in Paging File | 71,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,90 Gb Total Space | 2,74 Gb Free Space | 9,15% Space Free | Partition Type: NTFS
Drive D: | 90,00 Gb Total Space | 64,31 Gb Free Space | 71,46% Space Free | Partition Type: NTFS
Drive E: | 159,46 Gb Total Space | 158,68 Gb Free Space | 99,51% Space Free | Partition Type: NTFS
Computer Name: SILWI-PC | User Name: silwi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
"{0EE0433D-2057-4AAC-8781-79E07A628EA7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10457BD6-9242-4BE4-862E-02E97AE2918A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{16F7B5F9-133E-4522-8401-99674EDE674A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1B8C6C95-D3AF-4C8E-8372-F0F9F4ED2F24}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{2AC4F119-3A8E-4265-A6DA-9B6B3C7B2193}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2E974DA7-D86A-48EA-AF22-5407DBEB1DD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3406A899-6B1E-478F-B08F-30546E39C7B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{377FCBAF-BB2D-4EC8-B315-FC914C5FE752}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3BA088CD-A4FA-4C09-89D9-85DE5A7EA1F4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3CD04AF5-6D76-4B69-B437-8B606287FDD0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4047E7BC-D491-465E-BA72-58C47B737D3D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51C8BDD9-3F7E-431C-A384-DB23D4CE4120}" = rport=138 | protocol=17 | dir=out | app=system | 
"{59D8BAB6-32B3-4F66-90DE-A54E0A7EB5D9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B566920-03F4-4086-84FB-B4039729F8FB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{87CD8CF6-F07D-4C83-A993-B5A2BD4AD16B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{88698B01-4043-4814-B2C8-8C5174CC35EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8EBEE16F-72CC-4C9D-B775-64E93BEAA3BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9865514F-8250-496C-A031-AE32050C331C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98F285F7-E1D8-420C-A3A9-829DAC3C2736}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CC83BD08-F87E-4F5C-871F-62899CDE0AC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD30611F-0DDB-4CCB-BD89-186F7FFEAA35}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DEE71EA4-F4AB-4353-9DE8-03232BAA3121}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E7C9D80F-0F46-4A94-9C27-D90378B1B095}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA4E9D8A-9535-4969-AFB3-3501A8A622ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
========== Vista Active Application Exception List ==========
"{0E8CD382-667E-419E-B224-BFB6F852DC24}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1194F814-D13F-44BB-BE32-A9F9C79F8CC9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{122E3CE9-EC86-4298-82AF-B50E045C173F}" = protocol=6 | dir=out | app=system | 
"{34FE48D2-19B1-4CD2-92AD-AD777031A04D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{480B4516-99BB-41BA-984A-C58DC62952A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{67C26132-987B-4B56-BF53-461451DE5C17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{79E84BD1-6FD9-4D3A-91AF-BAD80C6CF09B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{802FE529-0FC2-457E-9F15-2935ED2377A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{830AB827-2970-46B7-860B-5A47820E104E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{92D8FC06-57EA-4565-A627-556C0E4D8074}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F17A77B-32F0-4FC6-9BAD-59D3F4E86529}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BDE48AFC-F5BC-4F10-AA47-0350F6D4E883}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3A63557-0086-4E2B-8B0D-C005E50F2D77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C87D2164-6CF6-4180-9943-675CF74FE421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCF6FEFC-D10B-4829-A162-EA32CD4AEC20}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DF281E1F-44EC-4FAE-A6B5-5C03170DE884}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E1CD1756-A027-49B4-B2F2-BE81712FE7D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4545697-9145-447D-9096-04C49412074D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB7DBAFA-97BD-4EC3-903D-2C2FFD117560}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{BFD24BAA-8AAE-4FF9-B7A9-1BBD7E10DF8B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{0BBC1155-E451-4328-97C3-B8F5A2F1DB43}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C7BCCCA-F9F3-82A6-FE6A-1160F7E14745}" = CCC Help Italian
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D707A04-9C3B-D735-1169-2C36A02EC1FD}" = Catalyst Control Center Core Implementation
"{0E0AA7EF-A847-3C08-ABF9-EDA7936DAFC5}" = Catalyst Control Center Graphics Full New
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{228B5714-9E6F-B9AE-6B6D-E8FF31C2A6D0}" = CCC Help German
"{25D90A06-E086-614F-203C-9ADB3A83709C}" = CCC Help French
"{2CDC3BD6-CA3D-F3FE-9700-FCBDB7CFA4C0}" = ccc-core-static
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36281CC3-FA8D-3008-4D50-53F7DF2DD9FB}" = ccc-utility
"{3A6631D2-7523-5046-ACF3-EC6FAD28FBA5}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E0D4FC1-AF9E-BB44-2E17-872B462646FF}" = ATI Catalyst Install Manager
"{40DE7141-333D-8D31-97FF-5C0ED5F3B552}" = CCC Help Polish
"{4E7101FC-D19E-717B-F5F1-05DFAE4DC7CE}" = CCC Help Dutch
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{668B9FC5-9FA8-5C47-4AB5-E59D6D6E2123}" = CCC Help Greek
"{6A154072-2009-7396-1B4F-1BBBEADD4895}" = CCC Help Swedish
"{6E0D5213-BD75-A091-4162-C6311745C23B}" = Catalyst Control Center Graphics Previews Common
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{84194016-CDFE-FD7D-017E-6FDDDEBF9888}" = CCC Help Danish
"{844BD550-45F4-AD73-412F-CF40CFAFA5E9}" = Catalyst Control Center InstallProxy
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{942FB97A-B829-0371-5C91-74DAEAFF6900}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9841591-47F4-7E49-0F1E-7E2ED014E248}" = CCC Help English
"{AB82ED30-1B6F-8B9A-2835-E4141A88BB6F}" = CCC Help Norwegian
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B3D12C7E-6E25-D407-074D-931D66023EAE}" = CCC Help Czech
"{B8ED984C-54AF-5705-EF5C-2739262F113F}" = CCC Help Japanese
"{C121C592-D8AB-8F29-309B-EA85483D6C51}" = CCC Help Chinese Standard
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D028B96F-8C9F-63DA-83EB-0F00D87700DA}" = CCC Help Finnish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D311066E-6530-CEA2-7BCF-A665416AF11C}" = CCC Help Thai
"{D8E0E80A-E5CA-9F64-2E46-CE694830507B}" = Catalyst Control Center Localization All
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24D41C-022A-29DC-E4D4-F9C871F76DD4}" = CCC Help Russian
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0631725-6F53-0BFB-5C02-CA8DEF14C7B2}" = Catalyst Control Center Graphics Full Existing
"{E5470B21-CA46-8BDD-247F-8717536DCFEB}" = CCC Help Chinese Traditional
"{EB47C52F-CE56-1066-5FB4-0B7663410A7C}" = Catalyst Control Center HydraVision Full
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFC47A05-3212-F334-EDA5-C5D2907419FE}" = CCC Help Hungarian
"{F09DA254-8879-1E7F-C14D-FFE8626F804B}" = Catalyst Control Center Graphics Previews Vista
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F404F36C-8FEF-5EA8-6D92-8B64F186D2C0}" = CCC Help Korean
"{FBFBDF43-D184-2AC4-A566-3DDF155979D3}" = CCC Help Spanish
"{FE8F944C-5209-8EEB-604D-0BAB9B2A4540}" = Catalyst Control Center Graphics Light
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"STANDARD" = Microsoft Office Standard 2007
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
========== HKEY_USERS Uninstall List ==========
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.03.2013 23:17:32 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31699
Error - 12.03.2013 23:17:32 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31699
Error - 12.03.2013 23:17:47 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.03.2013 23:17:47 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 47440
Error - 12.03.2013 23:17:47 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 47440
Error - 12.03.2013 23:18:03 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.03.2013 23:18:03 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 63087
Error - 12.03.2013 23:18:03 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 63087
Error - 12.03.2013 23:18:19 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.03.2013 23:18:19 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 78749
Error - 12.03.2013 23:18:19 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 78749
[ Media Center Events ]
Error - 13.03.2010 05:09:32 | Computer Name = silwi-PC | Source = MCUpdate | ID = 0
Description = 10:09:32 - Fehler beim Herstellen der Internetverbindung.  10:09:32 
-     Serververbindung konnte nicht hergestellt werden..  
Error - 13.03.2010 05:09:43 | Computer Name = silwi-PC | Source = MCUpdate | ID = 0
Description = 10:09:37 - Fehler beim Herstellen der Internetverbindung.  10:09:37 
-     Serververbindung konnte nicht hergestellt werden..  
[ OSession Events ]
Error - 10.04.2011 07:35:42 | Computer Name = silwi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3219
 seconds with 240 seconds of active time.  This session ended with a crash.
Error - 17.07.2011 19:38:05 | Computer Name = silwi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46853
 seconds with 660 seconds of active time.  This session ended with a crash.
Error - 11.08.2011 05:13:43 | Computer Name = silwi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1706
 seconds with 300 seconds of active time.  This session ended with a crash.
Error - 17.09.2011 18:59:58 | Computer Name = silwi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1619
 seconds with 0 seconds of active time.  This session ended with a crash.
[ System Events ]
Error - 12.03.2013 16:19:03 | Computer Name = silwi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 12.03.2013 16:19:35 | Computer Name = silwi-PC | Source = PNRPSvc | ID = 102
Description = 
Error - 12.03.2013 16:19:35 | Computer Name = silwi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
Error - 12.03.2013 16:19:35 | Computer Name = silwi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
Error - 12.03.2013 17:16:47 | Computer Name = silwi-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
Error - 12.03.2013 23:16:51 | Computer Name = silwi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 12.03.2013 23:16:51 | Computer Name = silwi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 13.03.2013 08:34:43 | Computer Name = silwi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 13.03.2013 08:34:43 | Computer Name = silwi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 13.03.2013 08:38:51 | Computer Name = silwi-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
< End of report >

Alt 13.03.2013, 14:16   #6
/// Winkelfunktion
/// TB-Süch-Tiger™

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why a Professional edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university machine?

O1 - Hosts: 3dns.adobe.com 
O1 - Hosts: 3dns-1.adobe.com 
O1 - Hosts: 3dns-2.adobe.com 
O1 - Hosts: 3dns-3.adobe.com 
O1 - Hosts: 3dns-4.adobe.com 
O1 - Hosts: activate.adobe.com 
O1 - Hosts: activate-sea.adobe.com 
O1 - Hosts: activate-sea.adobe.com 
O1 - Hosts: activate-sjc0.adobe.com 
O1 - Hosts: activate.wip.adobe.com 
O1 - Hosts: activate.wip1.adobe.com 
O1 - Hosts: activate.wip2.adobe.com 
O1 - Hosts: activate.wip3.adobe.com 
O1 - Hosts: activate.wip4.adobe.com 
O1 - Hosts: adobe-dns.adobe.com 
O1 - Hosts: adobe-dns-1.adobe.com 
O1 - Hosts: adobe-dns-2.adobe.com 
O1 - Hosts: adobe-dns-3.adobe.com 
O1 - Hosts: adobe-dns-4.adobe.com 
O1 - Hosts: practivate.adobe 
O1 - Hosts: practivate.adobe
With this, the topic is closed.

These entries in the hosts file serve to make pirated (cracked) software run.

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are, in 99.9% of cases, dangerous malware that is not to be trifled with. Moreover, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!

In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
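A triage check for the kind of hosts entries discussed in post #6, as an added example that is not part of the original thread: it reads hosts-file lines or `O1 - Hosts:` log lines and reports every entry that overrides name resolution for a watched vendor domain. The watched suffix, the function names and the sample lines (including the addresses, which the log excerpt in the thread does not show) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the vendor domain to watch, taken from the entries quoted in the thread.
WATCHED_SUFFIXES = ("adobe.com",)

# OTL/HijackThis-style logs prefix each hosts entry with "O1 - Hosts:".
O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)

# Constructed sample input: a mix of raw hosts-file lines and O1 log lines.
SAMPLE_LINES = [
    "# constructed sample, not taken from a real machine",
    "127.0.0.1 localhost",
    "::1 localhost",
    "O1 - Hosts: 127.0.0.1 activate.adobe.com",
    "O1 - Hosts: 3dns.adobe.com",
    "0.0.0.0 activate.wip3.adobe.com   # inline comment",
    "203.0.113.7 adobe-dns.adobe.com",
    "127.0.0.1 adobe.com.example.invalid",
    "127.0.0.1 Activate.Adobe.com",
]


def parse_line(line):
    """Return (address or None, [hostnames]); None for blank or comment-only lines."""
    line = O1_PREFIX.sub("", line.strip())
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    fields = line.split()
    try:
        addr = ipaddress.ip_address(fields[0])
        names = fields[1:]
    except ValueError:
        # No address column, as in the log excerpt quoted in the thread.
        addr, names = None, fields
    return addr, [n.lower().rstrip(".") for n in names]


def classify(addr):
    """Describe what the entry does to name resolution."""
    if addr is None:
        return "address-missing"
    if addr.is_loopback or addr.is_unspecified:
        return "sinkholed"   # the name resolves to the local machine
    return "redirected"      # the name resolves to some other host


def is_watched(name):
    """Match the domain itself or a true subdomain, not a look-alike suffix."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(lines):
    """Return (line number, hostname, verdict) for every watched override."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        addr, names = parsed
        for name in names:
            if is_watched(name):
                findings.append((lineno, name, classify(addr)))
    return findings


def summarize(findings):
    """Count findings per verdict and list hostnames that occur more than once."""
    counts, seen, duplicates = {}, set(), []
    for _, name, verdict in findings:
        counts[verdict] = counts.get(verdict, 0) + 1
        if name in seen and name not in duplicates:
            duplicates.append(name)
        seen.add(name)
    return counts, duplicates


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_LINES)
    for lineno, name, verdict in results:
        print(f"line {lineno}: {name} -> {verdict}")
    print(summarize(results))
```

A `redirected` verdict deserves the closest look, because the name then resolves to a host other than the vendor's.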

Hm, no idea why that is in the hosts file; there is a student version of CS5 on it and nothing else. Well, I'll have to rap my girlfriend on the knuckles.

At the university, MS only provides Professional editions.

But all right, then the machine will just be set up from scratch.


OK, then the Pro version is fine, but entries like these in the hosts file are not acceptable at all.
Please always post log files in CODE tags.

No idea what they are doing there. My girlfriend has no clue about this kind of thing, and I don't need it, since I get everything I need for free through the university. At most it could once again have been some idiot at her work who wanted to put something great and new on it for her; it wouldn't be the first time.


