
Pests of all kinds and how to fight them: TR/ATRAPS.Gen2 - Live Security Platinum - The works...


25.07.2012, 21:17   #1
RIpchip
 
Hello once again...

Just recently it was my girlfriend's PC, and now mine has been hit just the same.
While I was clicking around Google, YouTube etc., a new tab suddenly opened and Java promptly loaded something. I closed everything right away, but unfortunately it was already too late.

I somehow have the feeling that all of this is being smuggled in through Java; at least that was the case for me and my girlfriend.

Avira immediately gave me alerts that several infected objects had been found, as did Windows Defender. I wanted to run a scan with Malwarebytes right away, but then that d*** Live Security Platinum suddenly kicked in and terminated and blocked everything.
I'm sitting in Safe Mode right now, and it would be really nice if one of you could take a look again.


Here is my OTL log:

OTL Logfile:
Code:
OTL logfile created on: 25.07.2012 21:08:44 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Ripchip\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,24% Memory free
6,20 Gb Paging File | 5,64 Gb Available in Paging File | 91,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 207,96 Gb Free Space | 44,65% Space Free | Partition Type: NTFS
 
Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.25 21:08:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
PRC - [2012.07.18 22:11:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 22:11:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.03.19 17:25:08 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 22:11:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.20 15:54:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] (                                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640)
DRV:64bit: - [2009.06.15 09:25:44 | 000,008,192 | ---- | M] (                                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPC640m.sys -- (SPC640m)
DRV:64bit: - [2009.06.15 09:03:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006.11.03 02:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=c8de76e100000000000000ff01000001
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=c8de76e100000000000000ff01000001
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..keyword.URL: "hxxp://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&mntrId=c8de76e100000000000000ff01000001&q="
FF - prefs.js..network.proxy.http: "213.197.182.78"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ripchip\AppData\Local\Facebook\Messenger\2.1.4587.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.19 00:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Extensions
[2012.06.17 21:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions
[2012.03.31 20:31:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.05 09:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.05 15:02:46 | 000,005,582 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI
[2012.06.17 21:42:18 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.18 22:11:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.24 18:12:29 | 000,002,298 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKCU..\Run: [Spotify] C:\Users\Ripchip\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\RunOnce: [7531E8D01B24231F3A10F45F2F3B6FDA] C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA\7531E8D01B24231F3A10F45F2F3B6FDA.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5F2FC3-9004-4B89-A5B9-0A093CE1D45F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8B7EF2-E8EF-49AF-83BB-FDE2AC72D29C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 21:07:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.25 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.07.24 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.07.24 19:29:17 | 000,323,584 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax
[2012.07.24 19:29:11 | 000,113,664 | ---- | C] (Philips Applied Technologies) -- C:\Windows\SysNative\drivers\phaudlwr.sys
[2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC640NC
[2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Windows\Philips
[2012.07.24 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Skype
[2012.07.24 17:31:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.24 17:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.24 13:28:21 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.07.24 13:28:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\IDMComp
[2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp
[2012.07.24 12:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
[2012.07.24 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions
[2012.07.24 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Downloaded Installations
[2012.07.24 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u
[2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite
[2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite
[2012.07.24 12:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.09 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software
[2012.07.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.07.09 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Apps
[2012.07.04 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
[2012.07.04 22:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
[2012.07.01 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\Documents\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.06.30 20:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.06.28 16:17:26 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Facebook
[2012.06.28 16:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.28 16:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 21:08:29 | 000,000,000 | ---- | M] () -- C:\Users\Ripchip\defogger_reenable
[2012.07.25 21:08:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.25 21:07:51 | 000,050,477 | ---- | M] () -- C:\Users\Ripchip\Desktop\Defogger.exe
[2012.07.25 21:05:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 21:03:36 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 21:03:35 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 16:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.07.25 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.07.24 19:31:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2012.07.24 17:31:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 12:54:35 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012.07.24 12:48:20 | 000,001,971 | ---- | M] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk
[2012.07.24 12:42:12 | 298,609,418 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.22 22:15:45 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 22:14:30 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 22:14:30 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 22:14:30 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 22:14:30 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 22:14:30 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 14:36:08 | 000,005,632 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 13:14:39 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.25 21:08:29 | 000,000,000 | ---- | C] () -- C:\Users\Ripchip\defogger_reenable
[2012.07.25 21:07:50 | 000,050,477 | ---- | C] () -- C:\Users\Ripchip\Desktop\Defogger.exe
[2012.07.25 21:02:57 | 000,023,040 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\800000cb.@
[2012.07.25 21:02:57 | 000,016,896 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\80000000.@
[2012.07.25 20:58:41 | 000,001,712 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\00000001.@
[2012.07.24 19:31:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2012.07.24 19:29:17 | 000,583,680 | ---- | C] (                                                            ) -- C:\Windows\SysNative\drivers\SPC640.sys
[2012.07.24 19:29:17 | 000,008,192 | ---- | C] (                                                            ) -- C:\Windows\SysNative\drivers\SPC640m.sys
[2012.07.24 17:31:11 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 12:54:35 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012.07.24 12:48:20 | 000,001,971 | ---- | C] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk
[2012.07.24 12:42:12 | 298,609,418 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.01 12:49:27 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.06.28 16:17:34 | 000,001,146 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.06.28 16:17:29 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.05.01 22:04:35 | 000,000,680 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat
[2012.04.24 18:08:37 | 001,537,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.22 19:18:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.03.20 17:39:42 | 000,005,632 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.20 17:39:41 | 000,002,048 | -HS- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\@
[2012.03.19 17:17:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.03.19 17:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.03.19 17:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.03.19 17:16:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.03.18 23:53:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.18 23:53:15 | 000,035,881 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.03.18 23:40:53 | 000,000,732 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps64.dat
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012.07.20 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.minecraft
[2012.06.25 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.Nitrous
[2012.04.24 18:12:24 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Babylon
[2012.03.31 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoft
[2012.03.31 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.18 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\elsterformular
[2012.07.24 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software
[2012.03.20 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient
[2012.05.24 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient2
[2012.04.02 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\OpenOffice.org
[2012.03.20 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Origin
[2012.04.24 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Software4u
[2012.07.25 14:50:28 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Spotify
[2012.06.13 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TeamViewer
[2012.06.13 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TS3Client
[2012.07.25 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.07.25 16:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.07.25 21:03:20 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >



Here is the OTL Extras log:

OTL Logfile:
OTL Extras logfile created on: 25.07.2012 21:08:44 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Ripchip\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,24% Memory free
6,20 Gb Paging File | 5,64 Gb Available in Paging File | 91,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 207,96 Gb Free Space | 44,65% Space Free | Partition Type: NTFS
 
Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
"VistaSp2" = 83 94 EB 93 E6 05 CD 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15AA46BE-1527-46A9-AE0A-0A1A8A0A01BF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{1D34DC2E-BC41-4CBA-A48E-BEB67ED74E66}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{51DFC127-2DE5-4B41-B7B3-CAE445C6FAA5}" = lport=58317 | protocol=17 | dir=in | name=pando media booster | 
"{613BA39B-DEA3-4996-BF1D-5857339FFD83}" = lport=58317 | protocol=6 | dir=in | name=pando media booster | 
"{6EF41774-D0F7-4FB5-8658-42BE38887946}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{D543DC0C-8487-4F82-B773-19F217285644}" = lport=58317 | protocol=17 | dir=in | name=pando media booster | 
"{F8E57F4B-E7F8-4F7B-ABD9-8B99DEFAD8CE}" = lport=58317 | protocol=6 | dir=in | name=pando media booster | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A9E5B3-088C-47EC-A240-13BFAE160FE2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{06E17781-57E0-444D-A81B-A8D6E003F051}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{0CBC8422-F3ED-420D-B75C-6972702581D2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{0F08A710-04B7-436E-8E02-00AC2AA626E0}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | 
"{1038D44F-8DE0-40C2-A6B3-3ADE2805AF6F}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{15415FDE-9AD0-41DF-8832-698CE928CBED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{15F566BB-015F-4288-8450-562F3FCCBB63}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{160B213F-8A5E-499E-ADC9-5156B32633FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{1616131C-3927-452B-B31E-E372AD778735}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1C297F07-E2FF-494C-8B40-52D58F207438}" = protocol=6 | dir=in | app=c:\users\ripchip\appdata\roaming\.minecraft\minecraft cracked.exe | 
"{24AD413D-8530-4EDC-A2F3-C685C91B13A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2CD2AB6B-F0AE-4155-9260-6E13CE0FC172}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CE97A72-EB11-40DA-AD85-430C89273618}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{36B7A0D1-F047-4320-97F2-C0B9326C3E01}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{3DF6ADFF-10BA-43BC-844C-02977F4000DD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{416E5FCB-BE44-401E-A882-C3C5E696EDD2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{425A03E3-E1D5-4D7C-97A7-768CA03049BC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{46ED64A0-D2C7-4AF8-B635-1F8F7FE63D84}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{4748A06D-EFB4-43F3-87E3-E9897C88D401}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4D2F3D62-42C9-40E5-9B93-4482D690BDDB}" = protocol=17 | dir=in | app=c:\users\ripchip\appdata\roaming\.minecraft\minecraft cracked.exe | 
"{4D3126C1-4AE5-453B-933A-1B97F337D59A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{52DFEA87-8A01-4CC1-9154-028867BDCE28}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{55D47FA3-A265-4BCD-BCAE-C8D62048149E}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | 
"{65CF1E00-8A3E-484A-87EB-4936691EE6AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{6BA10E83-1E56-436E-94D3-BD6183FCC582}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{76ADD17C-A86F-4E81-987D-238B3DA1C456}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{99ECA2AC-8035-466F-9888-E5389F130EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{9AA249FA-1810-4959-A96D-468B9D1D494C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{A023E56E-9356-43CE-B76F-BCC4D11673C1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{B87E3BE9-6A2D-4BA2-82CE-F21622F687D2}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{BCD4719C-D361-40E2-BAC0-DFAA984D3935}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{D2AB7A57-FB0E-4413-97EE-29770BC3E584}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ripchip93\counter-strike source\hl2.exe | 
"{DF60322F-D24F-48FD-B148-367689BCEDE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ripchip93\counter-strike source\hl2.exe | 
"{DF90593F-CCCD-4470-BF0E-3AA2DC4718FE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{E292A45F-C1F4-4B7B-8072-FDB4E8618CBC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FED09411-FCF7-4349-B099-426B99727F23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{2877CEDD-64E4-49D4-90ED-869C8CD3EC97}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{59CA6DC4-44C3-4277-B0F2-4B0E54C0756F}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{ABB2F9B8-72B4-47DF-972A-F119503AA934}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{C23D59CD-ED12-4AD5-AF09-00B4740DD30E}C:\users\ripchip\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ripchip\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{0E5D2908-72BD-4894-A4B8-AFA93EFAA9B1}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{64D6E61F-4665-4173-96D8-C0E69A75A1AC}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{9127B0E4-651F-48D3-AE32-C79CA8C2590E}C:\users\ripchip\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ripchip\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{C7C990BC-3F69-4D36-8ED8-1CA82CD6D3F1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8A0CCEB1CE9A57BA1D36331A58157FF1E014B636" = Windows-Treiberpaket - Philips (SPC640) Image  (05/09/2009 1.0.0.6650)
"ESL Wire_is1" = ESL Wire 1.11.1
"F0CE85A0D4B89D85CF1AF29E050A1D0BEBCBD86D" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (05/20/2009 1.0.5.12)
"FDCB45DD5F1BF8F2153B3F259D2748CED0BF02F3" = Windows-Treiberpaket - Philips USB  (05/09/2009 1.0.0.6650)
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{463CF221-6026-40D1-AFB8-2759FC061F82}" = Philips SPC640NC Webcam Setup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FB9BA8A-E711-40E6-BBF0-77ED60A2940F}" = Facebook Messenger 2.1.4587.0
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Diablo III" = Diablo III
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"TeamViewer 7" = TeamViewer 7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Security Platinum" = Live Security Platinum
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2012 11:45:31 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
 
Error - 25.07.2012 11:45:32 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25.07.2012 11:45:32 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15272
 
Error - 25.07.2012 11:45:32 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15272
 
Error - 25.07.2012 11:45:33 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25.07.2012 11:45:33 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16271
 
Error - 25.07.2012 11:45:33 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16271
 
Error - 25.07.2012 14:57:38 | Computer Name = Ripchip-PC | Source = Application Hang | ID = 1002
Description = Programm MSASCui.exe, Version 1.1.1600.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 850  Anfangszeit: 01cd6a63b84ab45b  Zeitpunkt der Beendigung:
 0
 
Error - 25.07.2012 15:06:07 | Computer Name = Ripchip-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.07.2012 15:07:04 | Computer Name = Ripchip-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.06.2012 11:52:20 | Computer Name = Ripchip-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 13.06.2012 14:43:50 | Computer Name = Ripchip-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.06.2012 um 20:41:31 unerwartet heruntergefahren.
 
Error - 13.06.2012 14:44:31 | Computer Name = Ripchip-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7905C209EA zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 13.06.2012 14:44:31 | Computer Name = Ripchip-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7905C209EA zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 17.06.2012 15:40:43 | Computer Name = Ripchip-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.06.2012 um 21:38:53 unerwartet heruntergefahren.
 
Error - 17.06.2012 15:41:19 | Computer Name = Ripchip-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7905C209EA zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 17.06.2012 15:41:19 | Computer Name = Ripchip-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7905C209EA zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 19.06.2012 16:10:29 | Computer Name = Ripchip-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 20.06.2012 09:54:47 | Computer Name = Ripchip-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.06.2012 09:54:47 | Computer Name = Ripchip-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >


Regards
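Reading an OTL Extras dump like the one above by hand is slow and easy to get wrong. The following Python script is an added example and is not part of the original post, of OTL, or of the Trojaner-Board cleanup procedure: it parses the "Vista Active Application Exception List" and "HKEY_CURRENT_USER Uninstall List" sections in the format OTL prints, and flags what a helper looks at first: inbound firewall exceptions for binaries living in user-writable paths (AppData, ProgramData, Users, Temp) or whose name suggests cracked software, and per-user uninstall entries, which is exactly where "Live Security Platinum" registered itself because HKCU needs no administrative rights to write. The sample lines are a constructed excerpt copied from the log above; the section names, the `USER_WRITABLE` path tokens and the `known_good` allow-list are assumptions for this example, not OTL features.

```python
import re

# Constructed sample input: an excerpt copied from the OTL Extras log in this thread.
SAMPLE_LOG = r"""
========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C297F07-E2FF-494C-8B40-52D58F207438}" = protocol=6 | dir=in | app=c:\users\ripchip\appdata\roaming\.minecraft\minecraft cracked.exe |
"{24AD413D-8530-4EDC-A2F3-C685C91B13A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{36B7A0D1-F047-4320-97F2-C0B9326C3E01}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"TCP Query User{C23D59CD-ED12-4AD5-AF09-00B4740DD30E}C:\users\ripchip\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ripchip\appdata\roaming\spotify\spotify.exe |

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Security Platinum" = Live Security Platinum
"Spotify" = Spotify
"""

# OTL section headers look like "========== Title ==========".
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# OTL registry value lines look like "name" = value.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')

# Path fragments (assumed list) that any standard user can write to; a firewall
# exception for a binary there deserves a second look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_sections(text):
    """Split an OTL log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_firewall_rules(lines):
    """Turn 'protocol=6 | dir=in | app=... |' values into dicts; skip lines without app=."""
    rules = []
    for line in lines:
        m = VALUE_RE.match(line)
        if not m or "app=" not in m.group("value"):
            continue
        fields = {"name": m.group("name")}
        for part in m.group("value").split("|"):
            if "=" in part:
                key, val = part.split("=", 1)
                fields[key.strip()] = val.strip()
        rules.append(fields)
    return rules


def flag_firewall_rules(rules):
    """Return (rule name, app path, reasons) for inbound rules worth reviewing."""
    findings = []
    for rule in rules:
        app = rule.get("app", "").lower()
        reasons = []
        if any(token in app for token in USER_WRITABLE):
            reasons.append("binary in user-writable location")
        if "crack" in app:
            reasons.append("file name suggests cracked software")
        if rule.get("dir") == "in" and reasons:
            findings.append((rule["name"], app, reasons))
    return findings


def flag_hkcu_uninstall(lines, known_good=("Spotify",)):
    """Per-user uninstall entries need no admin rights; list all not on the allow-list."""
    return [
        m.group("name")
        for m in map(VALUE_RE.match, lines)
        if m and m.group("name") not in known_good
    ]


def triage(text):
    """Run both checks over a full OTL Extras log and return the findings."""
    sections = parse_sections(text)
    firewall = sections.get("Vista Active Application Exception List", [])
    hkcu = sections.get("HKEY_CURRENT_USER Uninstall List", [])
    return {
        "firewall": flag_firewall_rules(parse_firewall_rules(firewall)),
        "hkcu_uninstall": flag_hkcu_uninstall(hkcu),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, app, reasons in result["firewall"]:
        print(f"firewall {name}: {app} -> {'; '.join(reasons)}")
    for name in result["hkcu_uninstall"]:
        print(f"HKCU uninstall entry to review: {name}")
```

On the excerpt this flags the inbound exceptions for the "minecraft cracked.exe" binary under the user's roaming profile, the Battle.net agent under ProgramData and Spotify under AppData, and lists "Live Security Platinum" as the one HKCU uninstall entry not on the allow-list. A hit is a prompt to look, not a verdict: Spotify and the Battle.net agent legitimately install per-user, which is why the allow-list exists and should be maintained from known-good installs rather than from the infected machine.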

Here is a new OTL scan, since I have done a few things in the meantime.

OTL Logfile:
OTL logfile created on: 26.07.2012 19:59:04 - Run 2
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Ripchip\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,03% Memory free
6,22 Gb Paging File | 4,40 Gb Available in Paging File | 70,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 208,04 Gb Free Space | 44,67% Space Free | Partition Type: NTFS
 
Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.25 21:08:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
PRC - [2012.07.18 22:11:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.11 16:13:40 | 001,192,664 | ---- | M] () -- C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.06.19 23:35:32 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- C:\Programme\Software4u\iDevice Manager\Software4u.IPELauncher.exe
PRC - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 22:06:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2009.04.11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 22:11:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.07.11 16:13:40 | 001,192,664 | ---- | M] () -- C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.05.11 03:10:51 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012.05.11 03:10:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.11 03:10:26 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012.05.11 03:10:23 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.11 03:10:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.03.19 17:25:08 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 22:11:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.20 15:54:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640)
DRV:64bit: - [2009.06.15 09:25:44 | 000,008,192 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640m.sys -- (SPC640m)
DRV:64bit: - [2009.06.15 09:03:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006.11.03 02:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..network.proxy.http: "213.197.182.78"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ripchip\AppData\Local\Facebook\Messenger\2.1.4587.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.19 00:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Extensions
[2012.07.26 17:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions
[2012.03.31 20:31:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.26 18:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.26 18:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.04.05 15:02:46 | 000,005,582 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI
[2012.07.26 17:46:26 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.18 22:11:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKCU..\Run: [Spotify] C:\Users\Ripchip\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5F2FC3-9004-4B89-A5B9-0A093CE1D45F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8B7EF2-E8EF-49AF-83BB-FDE2AC72D29C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.26 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.26 17:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.07.25 21:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.25 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Google
[2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.07.25 21:53:12 | 004,585,817 | ---- | C] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe
[2012.07.25 21:07:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.07.24 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.07.24 19:29:17 | 000,323,584 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax
[2012.07.24 19:29:11 | 000,113,664 | ---- | C] (Philips Applied Technologies) -- C:\Windows\SysNative\drivers\phaudlwr.sys
[2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC640NC
[2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Windows\Philips
[2012.07.24 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Skype
[2012.07.24 17:31:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.24 17:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.24 13:28:21 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\IDMComp
[2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp
[2012.07.24 12:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
[2012.07.24 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions
[2012.07.24 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Downloaded Installations
[2012.07.24 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u
[2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite
[2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite
[2012.07.24 12:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.09 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software
[2012.07.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.07.09 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Apps
[2012.07.04 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
[2012.07.04 22:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
[2012.07.01 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\Documents\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.06.30 20:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.06.28 16:17:26 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Facebook
[2012.06.28 16:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.28 16:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.26 19:50:25 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 19:50:25 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 19:27:13 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.07.26 17:50:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 17:50:23 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 22:53:35 | 000,001,356 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat
[2012.07.25 21:57:22 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.25 21:53:50 | 000,632,049 | ---- | M] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe
[2012.07.25 21:53:46 | 002,117,108 | ---- | M] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip
[2012.07.25 21:53:40 | 004,585,817 | ---- | M] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe
[2012.07.25 21:08:29 | 000,000,000 | ---- | M] () -- C:\Users\Ripchip\defogger_reenable
[2012.07.25 21:08:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.25 21:07:51 | 000,050,477 | ---- | M] () -- C:\Users\Ripchip\Desktop\Defogger.exe
[2012.07.25 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.07.24 19:31:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2012.07.24 17:31:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 12:54:35 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012.07.24 12:48:20 | 000,001,971 | ---- | M] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk
[2012.07.22 22:15:45 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 22:14:30 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 22:14:30 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 22:14:30 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 22:14:30 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 22:14:30 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 14:36:08 | 000,005,632 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 13:14:39 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.26 17:50:23 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.25 21:57:22 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.25 21:53:49 | 000,632,049 | ---- | C] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe
[2012.07.25 21:53:37 | 002,117,108 | ---- | C] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip
[2012.07.25 21:08:29 | 000,000,000 | ---- | C] () -- C:\Users\Ripchip\defogger_reenable
[2012.07.25 21:07:50 | 000,050,477 | ---- | C] () -- C:\Users\Ripchip\Desktop\Defogger.exe
[2012.07.25 21:02:57 | 000,023,040 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\800000cb.@
[2012.07.25 21:02:57 | 000,016,896 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\80000000.@
[2012.07.25 20:58:41 | 000,001,712 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\00000001.@
[2012.07.24 19:31:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2012.07.24 19:29:17 | 000,583,680 | ---- | C] (                                                            ) -- C:\Windows\SysNative\drivers\SPC640.sys
[2012.07.24 19:29:17 | 000,008,192 | ---- | C] (                                                            ) -- C:\Windows\SysNative\drivers\SPC640m.sys
[2012.07.24 17:31:11 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 12:54:35 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012.07.24 12:48:20 | 000,001,971 | ---- | C] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk
[2012.07.01 12:49:27 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.06.28 16:17:34 | 000,001,146 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.06.28 16:17:29 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.05.01 22:04:35 | 000,001,356 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat
[2012.04.24 18:08:37 | 001,537,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.22 19:18:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.03.20 17:39:42 | 000,005,632 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.20 17:39:41 | 000,002,048 | -HS- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\@
[2012.03.19 17:17:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.03.19 17:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.03.19 17:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.03.19 17:16:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.03.18 23:53:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.18 23:53:15 | 000,035,881 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.03.18 23:40:53 | 000,000,732 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps64.dat
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012.07.20 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.minecraft
[2012.06.25 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.Nitrous
[2012.03.31 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoft
[2012.03.31 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.18 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\elsterformular
[2012.07.24 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software
[2012.03.20 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient
[2012.05.24 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient2
[2012.04.02 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\OpenOffice.org
[2012.03.20 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Origin
[2012.04.24 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Software4u
[2012.07.26 17:53:12 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Spotify
[2012.06.13 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TeamViewer
[2012.07.25 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TS3Client
[2012.07.25 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.07.26 19:27:13 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.07.25 21:03:20 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Regards

Alt 26.07.2012, 20:32   #2
Chris4You
 
Hi,

Please check the following files:

Have files checked online:
  • Go to the VirusTotal site, click the "Browse" button
    and locate the following file/files:
Code:
ATTFilter
C:\Windows\SysNative\drivers\SPC640.sys
         
  • Now upload each/all of the file(s) one after the other and wait until the scan is finished (can take up to 2 minutes).
  • Then post the result of the analysis: copy everything and paste it into a post.
  • Important: also copy the file size and the HASH!

OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.03.20 17:39:41 | 000,002,048 | -HS- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\@

:REG

:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
    %systemroot%\_OTL

Update MAM and run a full scan, post the log...

CureIt (let it run overnight, it takes a very long time...)
Follow the instructions: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, roughly over 5 MB of text. Simply search for "infiziert" and copy out the relevant parts before you post them.

chris
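Added example, not from this thread or from OTL itself: a small Python parser for the OTL entry lines posted above, with triage rules that encode what the helper singled out (a kernel driver whose publisher field is blank, the `@` files under a GUID-named AppData\Local folder, the 32-hex-digit ProgramData folder). The rules are assumptions meant to queue items for a reviewer, not detection signatures; the sample lines are copied from the log in this thread.

```python
"""Parse OTL log entries and flag items a helper would look at first.

Added example, not part of the Trojaner-Board thread or of OTL. The triage
rules are assumptions drawn from what the helper picked in this thread;
a hit means "check this" (e.g. verify the hash), not "this is malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL entry: [date time | size | attrs | M/C] (Company) -- path
# Driver lines also carry [Kernel | On_Demand | Running] and "-- (ServiceName)".
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"   # (Company), () or (No name found)
    r"(?: \((?P<extra>[^)]*)\))?"     # second () group, seen on .xpi lines
    r"(?: \[(?P<svc>[^\]]*)\])?"      # [Kernel | On_Demand | Running]
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"  # -- (ServiceName) on DRV/SRV lines
)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str              # M = modified, C = created
    company: Optional[str]  # "" when OTL printed only padding spaces
    svc: Optional[str]
    path: str
    raw: str


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file/driver line, or None for other lines."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip()  # OTL pads a missing publisher with spaces
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company,
        svc=m.group("svc"),
        path=m.group("path"),
        raw=line.strip(),
    )


# Triage rules (assumptions, see module docstring).
HEX_FOLDER_RE = re.compile(r"\\ProgramData\\[0-9A-Fa-f]{32}$")
GUID_AT_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9a-f-]{36}\}\\(?:U\\)?(?:[0-9a-f]+\.)?@$", re.I)


def triage(entry: Entry) -> List[str]:
    """Reasons a reviewer would want to look at this entry (empty = nothing noted)."""
    reasons = []
    low = entry.path.lower()
    if low.endswith(".sys") and "\\drivers\\" in low and not entry.company:
        reasons.append("kernel driver without publisher name: verify its hash (e.g. on VirusTotal)")
    if GUID_AT_RE.search(entry.path):
        reasons.append("'@' file under a GUID-named AppData\\Local folder")
    if HEX_FOLDER_RE.search(entry.path) and "D" in entry.attrs:
        reasons.append("ProgramData folder with a random-looking 32-hex-digit name")
    if "H" in entry.attrs and "S" in entry.attrs and "\\appdata\\" in low:
        reasons.append("hidden+system attributes on a per-user file")
    return reasons


def scan_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over a whole OTL log; returns (path, reasons) for hits only."""
    hits = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            hits.append((e.path, reasons))
    return hits


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""========== Files Created - No Company Name ==========
[2012.07.25 21:02:57 | 000,023,040 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\800000cb.@
[2012.03.20 17:39:41 | 000,002,048 | -HS- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\@
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.07.25 21:57:22 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640)
DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
"""

if __name__ == "__main__":
    for path, reasons in scan_log(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```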
Alt 26.07.2012, 20:39   #3
RIpchip
 
First of all, thanks for responding to my message hehe

Here, first of all, is the file I was supposed to have checked (that's my Philips webcam, by the way xD)


VirusTotal:

Quote:
SHA256: a2a1603065f7a655a914ea95188f0ed037cbf46433fe9a5b94971b498f93a773
File name: SPC640.sys
Detection ratio: 0 / 40
Analysis date: 2012-07-26 18:35:47 UTC ( 1 Minute ago )
Antivirus Result Update
AntiVir - 20120726
Antiy-AVL - 20120726
Avast - 20120726
AVG - 20120726
BitDefender - 20120726
ByteHero - 20120723
CAT-QuickHeal - 20120724
ClamAV - 20120726
Commtouch - 20120726
Comodo - 20120726
DrWeb - 20120726
Emsisoft - 20120726
eSafe - 20120726
ESET-NOD32 - 20120726
F-Prot - 20120726
F-Secure - 20120726
Fortinet - 20120726
GData - 20120726
Ikarus - 20120726
Jiangmin - 20120726
K7AntiVirus - 20120726
Kaspersky - 20120726
McAfee - 20120726
McAfee-GW-Edition - 20120726
Microsoft - 20120726
Norman - 20120726
nProtect - 20120726
Panda - 20120726
Rising - 20120726
Sophos - 20120726
SUPERAntiSpyware - 20120726
Symantec - 20120726
TheHacker - 20120726
TotalDefense - 20120724
TrendMicro - 20120726
TrendMicro-HouseCall - 20120726
VBA32 - 20120726
VIPRE - 20120726
ViRobot - 20120726
VirusBuster - 20120725

Here is the result of the OTL fix:

Quote:
All processes killed
========== OTL ==========
Folder C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA\ not found.
File C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\@ not found.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ripchip
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 802816 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.54.1 log created on 07262012_204355

Files\Folders moved on Reboot...
File\Folder C:\Users\Ripchip\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Ripchip\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.26 20:44:06 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F

Registry entries deleted on Reboot...

MAM? Do you mean Malwarebytes? I had a full scan running just before the OTL fix you gave me:

Quote:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ripchip :: RIPCHIP-PC [Administrator]

26.07.2012 17:55:11
mbam-log-2012-07-26 (17-55-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381508
Laufzeit: 1 Stunde(n), 14 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I'll run the other one right away and report back

Regards

Last edited by RIpchip (26.07.2012 at 20:53)

Alt 27.07.2012, 23:26   #4
RIpchip
 
This is at the very bottom of the log, but in between, "Infiziert" always has a 0 after it..?

Zitat:
-----------------------------------------------------------------------------
Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 444149
Infiziert: 5
Modifikationen: 0
Verdächtig: 0
Adware: 0
Dialer: 0
Scherzprogramme: 0
Riskware: 0
Hacktools: 0
Desinfiziert: 0
Gelöscht: 3
Umbenannt: 0
Verschoben: 2
Ignoriert: 0
Geschwindigkeit:: 335 Kb/s
Dauer:: 2:40:28
-----------------------------------------------------------------------------

=============================================================================
Gesamtsitzungsstatistik
=============================================================================
Gescannt: 476494
Infiziert: 5
Modifikationen: 0
Verdächtig: 0
Adware: 0
Dialer: 0
Scherzprogramme: 0
Riskware: 0
Hacktools: 0
Desinfiziert: 0
Gelöscht: 3
Umbenannt: 0
Verschoben: 2
Ignoriert: 0
Geschwindigkeit:: 20 Kb/s
Dauer:: 2:41:29
=============================================================================

28.07.2012, 22:18   #5
Chris4You
 

Hi,

CureIt found something:
Infiziert: 5
Modifikationen: 0
Verdächtig: 0
Adware: 0
Dialer: 0
Scherzprogramme: 0
Riskware: 0
Hacktools: 0
Desinfiziert: 0
Gelöscht: 3
Umbenannt: 0
Verschoben: 2

Search the log for the detections and post them, and also create and post a new OTL log...

chris

__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

29.07.2012, 11:58   #6
RIpchip
 

Hey,

Here is everything I found.. and my OTL was detected as a trojan o.O?
I downloaded it again.


CureIt:

Quote:
>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\54baebca.qua infiziert mit BackDoor.Maxplus.6342 - gelöscht
>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\5528da72.qua infiziert mit Trojan.DownLoad3.8247 - gelöscht
>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\56cada52.qua infiziert mit Trojan.DownLoad3.8247 - gelöscht
C:\Documents and Settings\Ripchip\Desktop\OTL.exe infiziert mit Trojan.Siggen4.12794 - nicht desinfizierbar - verschoben
C:\Documents and Settings\Ripchip\DoctorWeb\Quarantine\OTL.exe infiziert mit Trojan.Siggen4.12794 - nicht desinfizierbar - verschoben

OTL Log:

OTL Logfile:
Code:
OTL logfile created on: 29.07.2012 11:45:45 - Run 3
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Ripchip\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 54,93% Memory free
6,21 Gb Paging File | 4,60 Gb Available in Paging File | 74,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 207,06 Gb Free Space | 44,46% Space Free | Partition Type: NTFS
 
Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
PRC - [2012.07.18 22:11:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.11 16:13:40 | 001,192,664 | ---- | M] () -- C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.06.19 23:35:32 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- C:\Programme\Software4u\iDevice Manager\Software4u.IPELauncher.exe
PRC - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 22:06:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 22:11:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.07.11 16:13:40 | 001,192,664 | ---- | M] () -- C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.05.11 03:10:51 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012.05.11 03:10:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.11 03:10:26 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012.05.11 03:10:23 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.11 03:10:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.03.19 17:25:08 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 22:11:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.20 15:54:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640)
DRV:64bit: - [2009.06.15 09:25:44 | 000,008,192 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640m.sys -- (SPC640m)
DRV:64bit: - [2009.06.15 09:03:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006.11.03 02:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..network.proxy.http: "213.197.182.78"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ripchip\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.19 00:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Extensions
[2012.07.26 17:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions
[2012.03.31 20:31:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.26 18:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.26 18:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.04.05 15:02:46 | 000,005,582 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI
[2012.07.26 17:46:26 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.18 22:11:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 21:50:43 | 000,000,806 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 	127.0.0.1		localhost
O1 - Hosts: 	::1		localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKCU..\Run: [Spotify] C:\Users\Ripchip\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5F2FC3-9004-4B89-A5B9-0A093CE1D45F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8B7EF2-E8EF-49AF-83BB-FDE2AC72D29C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 11:37:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.28 14:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.07.28 11:27:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.26 21:32:04 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\DoctorWeb
[2012.07.26 20:40:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.26 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.26 17:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.07.25 21:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.25 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Google
[2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.07.25 21:53:12 | 004,585,817 | ---- | C] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.07.24 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.07.24 19:29:17 | 000,323,584 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax
[2012.07.24 19:29:11 | 000,113,664 | ---- | C] (Philips Applied Technologies) -- C:\Windows\SysNative\drivers\phaudlwr.sys
[2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC640NC
[2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Windows\Philips
[2012.07.24 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Skype
[2012.07.24 17:31:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.24 17:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\IDMComp
[2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp
[2012.07.24 12:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
[2012.07.24 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions
[2012.07.24 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Downloaded Installations
[2012.07.24 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u
[2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite
[2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite
[2012.07.24 12:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.09 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software
[2012.07.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.07.09 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Apps
[2012.07.04 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
[2012.07.04 22:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
[2012.07.01 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\Documents\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.06.30 20:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.29 11:30:26 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 11:30:26 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 11:30:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 11:30:18 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.28 19:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.07.28 16:27:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.07.26 21:50:43 | 000,000,806 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.26 21:22:56 | 090,096,896 | ---- | M] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe
[2012.07.25 22:53:35 | 000,001,356 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat
[2012.07.25 21:57:22 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.25 21:53:50 | 000,632,049 | ---- | M] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe
[2012.07.25 21:53:46 | 002,117,108 | ---- | M] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip
[2012.07.25 21:53:40 | 004,585,817 | ---- | M] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe
[2012.07.25 21:08:29 | 000,000,000 | ---- | M] () -- C:\Users\Ripchip\defogger_reenable
[2012.07.25 21:07:51 | 000,050,477 | ---- | M] () -- C:\Users\Ripchip\Desktop\Defogger.exe
[2012.07.24 19:31:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2012.07.24 17:31:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 12:54:35 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012.07.24 12:48:20 | 000,001,971 | ---- | M] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk
[2012.07.22 22:15:45 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 22:14:30 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 22:14:30 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 22:14:30 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 22:14:30 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 22:14:30 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 14:36:08 | 000,005,632 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 13:14:39 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.27 23:11:01 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.26 20:58:10 | 090,096,896 | ---- | C] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe
[2012.07.25 21:57:22 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.25 21:53:49 | 000,632,049 | ---- | C] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe
[2012.07.25 21:53:37 | 002,117,108 | ---- | C] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip
[2012.07.25 21:08:29 | 000,000,000 | ---- | C] () -- C:\Users\Ripchip\defogger_reenable
[2012.07.25 21:07:50 | 000,050,477 | ---- | C] () -- C:\Users\Ripchip\Desktop\Defogger.exe
[2012.07.25 20:58:41 | 000,001,712 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\00000001.@
[2012.07.24 19:31:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2012.07.24 19:29:17 | 000,583,680 | ---- | C] (                                                            ) -- C:\Windows\SysNative\drivers\SPC640.sys
[2012.07.24 19:29:17 | 000,008,192 | ---- | C] (                                                            ) -- C:\Windows\SysNative\drivers\SPC640m.sys
[2012.07.24 17:31:11 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 12:54:35 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012.07.24 12:48:20 | 000,001,971 | ---- | C] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk
[2012.07.01 12:49:27 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.01 22:04:35 | 000,001,356 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat
[2012.04.24 18:08:37 | 001,537,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.22 19:18:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.03.20 17:39:42 | 000,005,632 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.19 17:17:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.03.19 17:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.03.19 17:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.03.19 17:16:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.03.18 23:53:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.18 23:53:15 | 000,035,881 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.03.18 23:40:53 | 000,000,732 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps64.dat
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012.07.20 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.minecraft
[2012.06.25 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.Nitrous
[2012.03.31 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoft
[2012.03.31 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.18 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\elsterformular
[2012.07.24 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software
[2012.03.20 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient
[2012.05.24 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient2
[2012.04.02 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\OpenOffice.org
[2012.03.20 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Origin
[2012.04.24 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Software4u
[2012.07.29 11:34:55 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Spotify
[2012.06.13 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TeamViewer
[2012.07.28 00:04:12 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TS3Client
[2012.07.28 16:27:01 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.07.28 19:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.07.28 19:49:38 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Regards

30.07.2012, 08:01   #7
Chris4You

TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm...

Hi,

there are still remnants left...

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.07.25 20:58:41 | 000,001,712 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\00000001.@


:Commands
[emptytemp]
[resethosts]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Create and post a new OTL log...

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)
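Added here as an example (not part of either post, and not code from OTL or its author): a small Python parser for the bracketed file/folder entries that OTL writes, plus a check that takes the paths listed in the ":OTL" section of a fix and reports which of them a later OTL log still lists. The sample fix and log lines are copied from this thread (the OTL fix results in the reply below report the ProgramData folder as "not found", yet the new log posted afterwards still lists it under "Files/Folders - Created Within 30 Days", which is the kind of discrepancy this check surfaces). Function and sample names are my own.

```python
"""Parse OTL file-entry lines and verify an OTL fix against a follow-up log."""
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL writes file and folder entries as
#   [YYYY.MM.DD HH:MM:SS | size | attrs | M|C] (Company) -- path
# Folder entries ("---D") carry no "(Company)" group; files with no company
# show "()" or a run of spaces inside the parentheses.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    date: str
    size: int
    attrs: str
    kind: str                 # 'M' = modified entry, 'C' = created entry
    company: Optional[str]    # None when OTL found no company name
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for one OTL file/folder line, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None   # "()" and "(      )" both mean unknown
    return OtlEntry(
        date=m.group("date"),
        size=int(m.group("size").replace(",", "")),   # "3220,365,312" -> 3220365312
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company,
        path=m.group("path"),
    )


def fix_targets(fix_text: str) -> List[str]:
    """Paths that the ':OTL' section of a fix asks OTL to remove.

    Registry lines (O4, O6, ...) and the ':Commands' section are skipped; only
    bracketed file/folder entries count."""
    targets: List[str] = []
    in_otl = False
    for raw in fix_text.splitlines():
        line = raw.strip()
        if line.startswith(":"):              # section switch, e.g. ":OTL", ":Commands"
            in_otl = line.lower() == ":otl"
            continue
        if in_otl:
            entry = parse_entry(line)
            if entry is not None:
                targets.append(entry.path)
    return targets


def still_listed(targets: List[str], log_text: str) -> List[str]:
    """Fix targets that a later OTL log still reports (case-insensitive match)."""
    listed = {
        e.path.lower().rstrip("\\")
        for e in map(parse_entry, log_text.splitlines())
        if e is not None
    }
    return [t for t in targets if t.lower().rstrip("\\") in listed]


# Constructed sample: the ':OTL' part of the fix from this thread.
SAMPLE_FIX = r""":OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.07.25 20:58:41 | 000,001,712 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\00000001.@

:Commands
[emptytemp]
[Reboot]
"""

# Constructed sample: a few lines from the OTL log posted after the fix.
SAMPLE_NEW_LOG = r"""========== Files/Folders - Created Within 30 Days ==========
[2012.07.29 11:37:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.07.30 16:20:35 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys
"""

if __name__ == "__main__":
    for path in still_listed(fix_targets(SAMPLE_FIX), SAMPLE_NEW_LOG):
        print("fix target still listed in follow-up log:", path)
```

The check is deliberately only a listing comparison: a path that shows up again in a later log deserves a second look by the helper, while its absence from the log does not by itself prove the file is gone (OTL's 30-day window and whitelists decide what gets listed).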

30.07.2012, 16:30   #8
RIpchip

TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm...

Hey,

Here are the results from OTL after the fix:

Quote:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Folder C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA\ not found.
File C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\00000001.@ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ripchip
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 494552 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_161856

Files\Folders moved on Reboot...
File\Folder C:\Users\Ripchip\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Ripchip\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.30 16:19:04 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F

Registry entries deleted on Reboot...

Here is a new OTL log:

OTL Logfile:
Code:
OTL logfile created on: 30.07.2012 16:23:03 - Run 4
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Ripchip\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 59,89% Memory free
6,20 Gb Paging File | 4,85 Gb Available in Paging File | 78,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 223,35 Gb Free Space | 47,95% Space Free | Partition Type: NTFS
 
Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
PRC - [2012.07.18 22:11:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.19 23:35:32 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- C:\Programme\Software4u\iDevice Manager\Software4u.IPELauncher.exe
PRC - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 22:06:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 22:11:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.11 03:10:51 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012.05.11 03:10:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.11 03:10:26 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012.05.11 03:10:23 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.11 03:10:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 22:11:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.20 15:54:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640)
DRV:64bit: - [2009.06.15 09:25:44 | 000,008,192 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640m.sys -- (SPC640m)
DRV:64bit: - [2009.06.15 09:03:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006.11.03 02:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..network.proxy.http: "213.197.182.78"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ripchip\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.19 00:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Extensions
[2012.07.26 17:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions
[2012.03.31 20:31:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.26 18:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.26 18:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.04.05 15:02:46 | 000,005,582 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI
[2012.07.26 17:46:26 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.18 22:11:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.30 16:19:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5F2FC3-9004-4B89-A5B9-0A093CE1D45F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8B7EF2-E8EF-49AF-83BB-FDE2AC72D29C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 11:37:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.28 14:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.07.28 11:27:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.26 21:32:04 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\DoctorWeb
[2012.07.26 20:40:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.26 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.26 17:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.07.25 21:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.25 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Google
[2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.07.25 21:53:12 | 004,585,817 | ---- | C] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.07.24 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.07.24 19:29:17 | 000,323,584 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax
[2012.07.24 19:29:11 | 000,113,664 | ---- | C] (Philips Applied Technologies) -- C:\Windows\SysNative\drivers\phaudlwr.sys
[2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC640NC
[2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Windows\Philips
[2012.07.24 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Skype
[2012.07.24 17:31:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.24 17:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\IDMComp
[2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp
[2012.07.24 12:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
[2012.07.24 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions
[2012.07.24 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Downloaded Installations
[2012.07.24 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u
[2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite
[2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite
[2012.07.24 12:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.09 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software
[2012.07.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.07.09 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Apps
[2012.07.04 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
[2012.07.04 22:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
[2012.07.01 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\Documents\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.06.30 20:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.30 16:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.07.30 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.07.30 16:20:43 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 16:20:43 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 16:20:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.30 16:20:35 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.30 16:19:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.26 21:22:56 | 090,096,896 | ---- | M] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe
[2012.07.25 22:53:35 | 000,001,356 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat
[2012.07.25 21:57:22 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.25 21:53:50 | 000,632,049 | ---- | M] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe
[2012.07.25 21:53:46 | 002,117,108 | ---- | M] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip
[2012.07.25 21:53:40 | 004,585,817 | ---- | M] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe
[2012.07.25 21:08:29 | 000,000,000 | ---- | M] () -- C:\Users\Ripchip\defogger_reenable
[2012.07.25 21:07:51 | 000,050,477 | ---- | M] () -- C:\Users\Ripchip\Desktop\Defogger.exe
[2012.07.24 19:31:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2012.07.24 17:31:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 12:54:35 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012.07.24 12:48:20 | 000,001,971 | ---- | M] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk
[2012.07.22 22:15:45 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 22:14:30 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 22:14:30 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 22:14:30 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 22:14:30 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 22:14:30 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 14:36:08 | 000,005,632 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 13:14:39 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.27 23:11:01 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.26 20:58:10 | 090,096,896 | ---- | C] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe
[2012.07.25 21:57:22 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.25 21:53:49 | 000,632,049 | ---- | C] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe
[2012.07.25 21:53:37 | 002,117,108 | ---- | C] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip
[2012.07.25 21:08:29 | 000,000,000 | ---- | C] () -- C:\Users\Ripchip\defogger_reenable
[2012.07.25 21:07:50 | 000,050,477 | ---- | C] () -- C:\Users\Ripchip\Desktop\Defogger.exe
[2012.07.24 19:31:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2012.07.24 19:29:17 | 000,583,680 | ---- | C] (                                                            ) -- C:\Windows\SysNative\drivers\SPC640.sys
[2012.07.24 19:29:17 | 000,008,192 | ---- | C] (                                                            ) -- C:\Windows\SysNative\drivers\SPC640m.sys
[2012.07.24 17:31:11 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 12:54:35 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012.07.24 12:48:20 | 000,001,971 | ---- | C] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk
[2012.07.01 12:49:27 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.01 22:04:35 | 000,001,356 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat
[2012.04.24 18:08:37 | 001,537,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.22 19:18:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.03.20 17:39:42 | 000,005,632 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.19 17:17:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.03.19 17:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.03.19 17:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.03.19 17:16:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.03.18 23:53:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.18 23:53:15 | 000,035,881 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.03.18 23:40:53 | 000,000,732 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps64.dat
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012.07.20 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.minecraft
[2012.06.25 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.Nitrous
[2012.03.31 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoft
[2012.03.31 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.18 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\elsterformular
[2012.07.24 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software
[2012.03.20 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient
[2012.05.24 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient2
[2012.04.02 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\OpenOffice.org
[2012.03.20 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Origin
[2012.04.24 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Software4u
[2012.07.30 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Spotify
[2012.06.13 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TeamViewer
[2012.07.28 00:04:12 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TS3Client
[2012.07.30 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.07.30 16:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.07.30 16:19:10 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Regards

30.07.2012, 17:03   #9
Chris4You

Hi,

hmm, one directory has survived, so now we'll set CF on it...

ComboFix script
Copy the following lines (without the quote!) into Windows Notepad (Start -> Programs -> Accessories -> Notepad)
and save the file on the desktop under the name "CFScript.txt" (without the quotation marks!).
Code:
ATTFilter
KILLALL::

ROOTKIT::
C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
         
Then click CFScript.txt with the mouse, keep the button held down and drop it onto the ComboFix icon
(release the mouse button; this is called "drag and drop" ;o).
ComboFix should now start and run the script; post the ComboFix log!

Apart from that it looks quite good...

chris
__________________
Don't bring me down
Please read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

30.07.2012, 17:29   #10
RIpchip

Hey,

By the way, I still have a problem: ever since this thing with the Trojan etc. showed up, my internet has been extremely slow.. the two other PCs in the house are normal, but mine crawls along at Ø50kb/s instead of my 240kb/s..

Here is the CF log:

ComboFix logfile:
Code:
ATTFilter
ComboFix 12-07-30.01 - Ripchip 30.07.2012  17:15:24.1.4 - x64
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.3070.1871 [GMT 2:00]
ausgeführt von:: c:\users\Ripchip\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Ripchip\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-28 bis 2012-07-30  ))))))))))))))))))))))))))))))
.
.
2012-07-28 09:27 . 2012-07-28 09:27	--------	d-----w-	c:\windows\Sun
2012-07-26 19:32 . 2012-07-28 15:21	--------	d-----w-	c:\users\Ripchip\DoctorWeb
2012-07-26 18:40 . 2012-07-26 18:40	--------	d-----w-	C:\_OTL
2012-07-26 16:09 . 2012-07-26 16:08	476976	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-26 16:08 . 2012-07-26 16:08	--------	d-----w-	c:\program files (x86)\Java
2012-07-25 19:57 . 2012-07-25 19:57	--------	d-----w-	c:\program files\CCleaner
2012-07-25 19:55 . 2012-07-26 18:45	--------	d-----w-	c:\program files (x86)\Google
2012-07-25 19:55 . 2012-07-25 19:59	--------	d-----w-	c:\users\Ripchip\AppData\Local\Google
2012-07-25 18:52 . 2012-07-25 18:53	--------	d-----w-	c:\programdata\7531E8D01B24231F3A10F45F2F3B6FDA
2012-07-25 09:49 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{05D612CA-A9DD-4194-806B-C1EA9E02DCA2}\mpengine.dll
2012-07-24 17:30 . 2012-07-24 17:30	--------	d-----w-	c:\program files\DIFX
2012-07-24 17:29 . 2009-06-15 07:25	8192	----a-w-	c:\windows\system32\drivers\SPC640m.sys
2012-07-24 17:29 . 2009-06-15 07:25	583680	----a-w-	c:\windows\system32\drivers\SPC640.sys
2012-07-24 17:29 . 2009-06-15 07:25	323584	----a-w-	c:\windows\SysWow64\stvspc.ax
2012-07-24 17:29 . 2012-07-24 17:29	--------	d-----w-	c:\windows\Philips
2012-07-24 17:29 . 2012-07-24 17:29	--------	d-----w-	c:\program files (x86)\Common Files\SPC640NC
2012-07-24 17:29 . 2009-06-15 07:04	1919968	----a-w-	c:\windows\system32\wdfcoinstaller01005.dll
2012-07-24 17:29 . 2009-06-15 07:03	113664	----a-w-	c:\windows\system32\drivers\phaudlwr.sys
2012-07-24 15:31 . 2012-07-30 14:13	--------	d-----w-	c:\users\Ripchip\AppData\Roaming\Skype
2012-07-24 15:31 . 2012-07-24 15:31	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-07-24 15:31 . 2012-07-24 15:31	--------	d-----r-	c:\program files (x86)\Skype
2012-07-24 15:31 . 2012-07-24 15:31	--------	d-----w-	c:\programdata\Skype
2012-07-24 11:07 . 2012-07-24 11:07	--------	d-----w-	c:\users\Ripchip\AppData\Roaming\IDMComp
2012-07-24 11:07 . 2012-07-24 11:07	--------	d-----w-	c:\programdata\IDMComp
2012-07-24 10:54 . 2012-07-24 10:54	--------	d-----w-	c:\program files (x86)\IDM Computer Solutions
2012-07-24 10:53 . 2012-07-24 10:53	--------	d-----w-	c:\users\Ripchip\AppData\Local\Downloaded Installations
2012-07-24 10:48 . 2012-07-24 10:48	--------	d-----w-	c:\program files\Software4u
2012-07-24 10:48 . 2012-07-24 10:48	--------	d-----w-	c:\program files (x86)\System.Data.SQLite
2012-07-09 15:42 . 2012-07-24 16:23	--------	d-----w-	c:\users\Ripchip\AppData\Roaming\Foxit Software
2012-07-09 15:41 . 2012-07-09 15:41	--------	d-----w-	c:\program files (x86)\Foxit Software
2012-07-09 15:35 . 2012-07-09 15:35	--------	d-----w-	c:\users\Ripchip\AppData\Local\Apps
2012-07-04 20:24 . 2012-07-04 20:24	--------	d-----w-	c:\program files (x86)\ROCCAT
2012-07-04 20:24 . 2001-09-05 19:18	225280	----a-w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-04 20:24 . 2001-09-05 02:14	176128	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-07-04 20:24 . 2001-09-05 02:13	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-07-04 20:24 . 2001-09-05 02:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-07-04 20:23 . 2002-07-25 14:07	614532	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-07-01 10:49 . 2012-07-01 11:23	--------	d-----w-	c:\program files (x86)\Diablo III
2012-07-01 10:49 . 2012-07-01 11:14	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-07-01 10:49 . 2012-07-01 11:14	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2012-06-30 18:30 . 2012-06-30 18:30	--------	d-----w-	c:\programdata\Battle.net
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 16:08 . 2012-03-19 21:28	472880	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-03-26 16:59	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-24 20:26	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 20:26	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 20:26	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 20:26	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 20:26	35864	----a-w-	c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-24 20:26	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 20:26	577048	----a-w-	c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-24 20:26	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 20:26	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-24 20:26	88576	----a-w-	c:\windows\SysWow64\wudriver.dll
2012-06-02 13:19 . 2012-06-24 20:26	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:19 . 2012-06-24 20:26	171904	----a-w-	c:\windows\SysWow64\wuwebv.dll
2012-06-02 13:15 . 2012-06-24 20:26	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 13:12 . 2012-06-24 20:26	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2012-05-31 10:25 . 2012-03-19 21:28	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-09 20:07 . 2012-03-31 18:10	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 20:07 . 2012-03-31 18:10	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-24 12:50 . 2012-03-22 17:18	168864	----a-w-	c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"iDevice Manager Launcher"="c:\program files\Software4u\iDevice Manager\Software4u.IPELauncher.exe" [2012-06-19 132608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
- c:\users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-28 14:22]
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
- c:\users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-28 14:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Ripchip\AppData\Roaming\Mozilla\Firefox\Profiles\dsandmbp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.http - 213.197.182.78
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-30  17:28:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-30 15:28
.
Vor Suchlauf: 8 Verzeichnis(se), 239.647.862.784 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 239.313.043.456 Bytes frei
.
- - End Of File - - DDB8EDDD69C888DBDD46CE1A72542C88
         
--- --- ---

Last edited by RIpchip (30.07.2012 at 17:41)
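The ComboFix log above still lists c:\programdata\7531E8D01B24231F3A10F45F2F3B6FDA, the directory the CFScript was aimed at. As an added example (not code from this thread, from ComboFix or from OTL), the following Python script parses ComboFix "files created" lines and flags directories with random-looking names (32 hex digits or a bare {GUID}) created directly under ProgramData or AppData\Local. The sample lines are constructed from entries in this thread; the field layout (tab-separated created/modified time, size, attributes, path) is assumed from the log as posted.

```python
"""Flag randomly named directories in ComboFix "files created" lines.

Added example; it is not part of this thread, of ComboFix or of OTL.
ComboFix prints each created file as
    <created> . <modified>\\t<size or -------->\\t<attrs>\\t<path>
A directory whose name is 32 hex characters or a bare {GUID}, created
directly under ProgramData or AppData\\Local, matches the pattern of the
c:\\programdata\\7531E8D01B24231F3A10F45F2F3B6FDA entry the CFScript targets.
"""
import re

# Constructed sample: lines copied from the ComboFix log above, plus a {GUID}
# directory in the shape HitmanPro later reports (the GUID is the one from
# the thread). Tabs separate the fields exactly as ComboFix prints them.
SAMPLE_LOG = (
    "2012-07-28 09:27 . 2012-07-28 09:27\t--------\td-----w-\tc:\\windows\\Sun\n"
    "2012-07-25 18:52 . 2012-07-25 18:53\t--------\td-----w-\t"
    "c:\\programdata\\7531E8D01B24231F3A10F45F2F3B6FDA\n"
    "2012-07-25 09:49 . 2012-06-29 10:04\t9133488\t----a-w-\t"
    "c:\\programdata\\Microsoft\\Windows Defender\\Definition Updates\\"
    "{05D612CA-A9DD-4194-806B-C1EA9E02DCA2}\\mpengine.dll\n"
    "2012-07-24 11:07 . 2012-07-24 11:07\t--------\td-----w-\tc:\\programdata\\IDMComp\n"
    "2012-07-25 18:52 . 2012-07-25 18:52\t--------\td-----w-\t"
    "c:\\users\\Ripchip\\AppData\\Local\\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\n"
)

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\t"
    r"(?P<size>\S+)\t(?P<attrs>\S+)\t(?P<path>.+)$"
)
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)

# Parent directories (lower-case path suffixes) under which droppers commonly
# create such folders; assumption for this example, extend as needed.
WATCHED_PARENTS = ("c:\\programdata", "\\appdata\\local")


def parse_combofix_created(text):
    """Parse 'files created' lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["is_dir"] = entry["attrs"].startswith("d")  # ComboFix marks dirs with 'd'
            entries.append(entry)
    return entries


def is_random_name(name):
    """True for 32-hex-digit names and bare {GUID} names."""
    return bool(HEX32_RE.match(name) or GUID_RE.match(name))


def suspicious_dirs(entries):
    """Return paths of directories with random names directly under a watched parent."""
    hits = []
    for entry in entries:
        if not entry["is_dir"]:
            continue
        parent, _, name = entry["path"].rpartition("\\")
        if any(parent.lower().endswith(p) for p in WATCHED_PARENTS) and is_random_name(name):
            hits.append(entry["path"])
    return hits


if __name__ == "__main__":
    for path in suspicious_dirs(parse_combofix_created(SAMPLE_LOG)):
        print("suspicious:", path)
```

Run as a script it prints the two hits. The check is only a triage aid: random-looking names are also used by legitimate installers and by Windows Defender's own definition folders (which is why only directories, not files, directly under the watched parents are reported), so each hit still needs a look at its contents, timestamps and owner before anything is removed.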

30.07.2012, 22:05   #11
Chris4You

Hi,

the thing is still there...
2012-07-25 18:52 . 2012-07-25 18:53 -------- d-----w- c:\programdata\7531E8D01B24231F3A10F45F2F3B6FDA
hmm, the Killbox unfortunately doesn't help with directories...

OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the contents of the following code box completely into the OTL box under "Custom Scan/Fixes"

Code:
ATTFilter
:REG
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:0x00
"FirewallOverride"=dword:0x00

:Commands
[purity]
[emptytemp]
[Reboot]
         
  • Click the red "Run Fixes!" button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Then let's see what Hitman thinks...
Hitman
Download the matching version of Hitman (32/64-bit), run it and post the log.
ATTENTION: the firewall must be open for Hitman (be sure to allow access!)
Downloads - SurfRight
For the clean-up a temporary licence (30 days) can be ordered (there is a tab for that ;o)... . After the 30 days uninstall it; from then on it no longer removes anything (unless you buy a licence)...

Let's check the internet...
Download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe), start it and select the following options:
  • Internet Services
  • Windows Firewall
  • System Restore

Start it with "Scan".
The log file (FSS.txt) is created in the working directory.
Post the log here

chris
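The OTL fix above resets the AntiVirusOverride and FirewallOverride values that the ComboFix log showed set to 1; the same log also shows EnableLUA=0 and a manual HTTP proxy host left behind in Firefox's prefs.js. As an added example (not code from this thread, from ComboFix or from OTL), the following Python audit parses the REGEDIT4-style "Autostartpunkte" section and the "FF - prefs.js:" lines in the format ComboFix printed them and reports those weakened settings. The sample input is constructed from lines in the log above; the two value syntaxes ('"Name"= 0 (0x0)' and '"Name"=dword:00000001') are assumed from that log.

```python
"""Audit ComboFix registry-autostart and Firefox pref lines for weakened defenses.

Added example; not part of this thread, of ComboFix or of OTL. It reports
the conditions the OTL fix above reverts (Security Center overrides set to 1),
UAC being switched off (EnableLUA=0), and a manual HTTP proxy host in
Firefox's prefs that points somewhere other than the local machine.
"""
import re

# Constructed sample in the shape of the ComboFix log posted in this thread.
SAMPLE = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.http - 213.197.182.78
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Matches both '"Name"= 0 (0x0)' and '"Name"=dword:00000001' as ComboFix prints them.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]+)|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))$'
)
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<val>.+)$")

POLICY_KEY = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\system"
SC_KEY = "hkey_local_machine\\software\\microsoft\\security center"


def parse_reg_dump(text):
    """Return {(key_lowercase, value_name): int} for every numeric value under a [key] header."""
    values = {}
    current = None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if vm and current:
            if vm.group("hex") is not None:
                num = int(vm.group("hex"), 16)
            else:
                num = int(vm.group("dec"))
            values[(current, vm.group("name"))] = num
    return values


def parse_ff_prefs(text):
    """Return {pref_name: raw_value} from the 'FF - prefs.js:' lines."""
    return {m.group("pref"): m.group("val") for m in map(FF_RE.match, text.splitlines()) if m}


def audit(text):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    findings = []
    reg = parse_reg_dump(text)
    if reg.get((POLICY_KEY, "EnableLUA")) == 0:
        findings.append("UAC disabled (EnableLUA=0)")
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if reg.get((SC_KEY, name)) == 1:
            findings.append(f"Security Center warning suppressed ({name}=1)")
    prefs = parse_ff_prefs(text)
    host = prefs.get("network.proxy.http")
    if host and host not in ("127.0.0.1", "localhost"):
        port = prefs.get("network.proxy.http_port", "?")
        # Firefox only uses the manual proxy host when network.proxy.type is 1.
        active = prefs.get("network.proxy.type") == "1"
        state = "active" if active else "configured but inactive (network.proxy.type != 1)"
        findings.append(f"Firefox HTTP proxy {host}:{port} {state}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("finding:", finding)
```

network.proxy.type 1 is Firefox's manual-proxy mode; with type 0 (no proxy) the leftover host is not used, which is why the proxy finding is reported as configured but inactive rather than as an active redirect, though a stale external proxy entry is still worth clearing. A value of 1 for the two Security Center overrides tells Windows not to warn about a missing or disabled antivirus/firewall, which is why the OTL fix sets them back to 0.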

31.07.2012, 16:53   #12
RIpchip

Hey,

I accidentally clicked away the results from OTL.. I then looked for %systemroot%\_OTL but it doesn't exist on my machine... :/


Here is the log from Hitman:

Code:
ATTFilter
HitmanPro 3.6.1.163
www.hitmanpro.com

   Computer name . . . . : RIPCHIP-PC
   Windows . . . . . . . : 6.0.2.6002.X64/4
   User name . . . . . . : Ripchip-PC\Ripchip
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2012-07-31 16:37:16
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 43s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 2

   Objects scanned . . . : 2.479.498
   Files scanned . . . . : 22.052
   Remnants scanned  . . : 335.453 files / 2.121.993 keys

Malware remnants ____________________________________________________________

   C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\L\ (ZeroAccess) -> Deleted
   C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\ (ZeroAccess) -> Deleted
         

Here is the log from FSS:

Quote:
Farbar Service Scanner Version: 26-07-2012
Ran by Ripchip (administrator) on 31-07-2012 at 16:52:41
Running from "C:\Users\Ripchip\Desktop"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2012-03-19 17:17] - [2009-04-11 01:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-03-20 17:35] - [2012-01-03 16:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-11 00:29] - [2012-03-30 14:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2012-03-19 23:48] - [2011-03-02 18:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2012-03-19 17:17] - [2009-04-11 01:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2012-03-19 17:17] - [2009-04-11 01:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2012-03-19 17:16] - [2009-04-11 01:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-03-19 17:17] - [2009-04-11 01:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
Regards

EDIT:// My internet is working normally again, the problem simply resolved itself

Regards

01.08.2012, 08:20   #13
Chris4You

Hi,

that looks quite good, Hitman has at least caught parts of the rootkit...

Create and post a new OTL log & an OSAM log as follows:

OSAM
Checks the programs/drivers that are started, online.
Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread.

chris

01.08.2012, 16:24   #14
RIpchip

Hey,

Here is the OTL log:

Code:
ATTFilter
OTL logfile created on: 01.08.2012 16:09:49 - Run 5
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Ripchip\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 47,09% Memory free
6,20 Gb Paging File | 4,41 Gb Available in Paging File | 71,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 220,67 Gb Free Space | 47,38% Space Free | Partition Type: NTFS
 
Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
PRC - [2012.07.18 22:11:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.19 23:35:32 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- C:\Programme\Software4u\iDevice Manager\Software4u.IPELauncher.exe
PRC - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 22:06:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 22:11:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.11 03:10:51 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012.05.11 03:10:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.11 03:10:26 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012.05.11 03:10:23 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.11 03:10:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 22:11:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.20 15:54:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640)
DRV:64bit: - [2009.06.15 09:25:44 | 000,008,192 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640m.sys -- (SPC640m)
DRV:64bit: - [2009.06.15 09:03:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006.11.03 02:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..network.proxy.http: "213.197.182.78"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ripchip\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.19 00:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Extensions
[2012.07.26 17:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions
[2012.03.31 20:31:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.26 18:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.26 18:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.04.05 15:02:46 | 000,005,582 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI
[2012.07.26 17:46:26 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.18 22:11:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.30 17:22:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5F2FC3-9004-4B89-A5B9-0A093CE1D45F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8B7EF2-E8EF-49AF-83BB-FDE2AC72D29C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.01 16:11:04 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\Desktop\osam_autorun_manager_5_0_portable
[2012.07.31 16:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.07.31 16:32:38 | 000,694,833 | ---- | C] (Farbar) -- C:\Users\Ripchip\Desktop\FSS.exe
[2012.07.31 16:27:59 | 008,854,904 | ---- | C] (SurfRight B.V.) -- C:\Users\Ripchip\Desktop\HitmanPro36_x64.exe
[2012.07.30 17:28:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.30 17:22:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.30 17:09:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.30 17:09:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.30 17:09:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.30 17:09:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.30 17:09:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.29 11:37:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.28 14:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.07.28 11:27:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.26 21:32:04 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\DoctorWeb
[2012.07.26 20:40:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.26 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.26 17:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.07.25 21:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.25 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Google
[2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.07.25 21:53:12 | 004,722,436 | R--- | C] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.07.24 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.07.24 19:29:17 | 000,323,584 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax
[2012.07.24 19:29:11 | 000,113,664 | ---- | C] (Philips Applied Technologies) -- C:\Windows\SysNative\drivers\phaudlwr.sys
[2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC640NC
[2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Windows\Philips
[2012.07.24 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Skype
[2012.07.24 17:31:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.24 17:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\IDMComp
[2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp
[2012.07.24 12:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
[2012.07.24 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions
[2012.07.24 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Downloaded Installations
[2012.07.24 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u
[2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite
[2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite
[2012.07.24 12:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.09 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software
[2012.07.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.07.09 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Apps
[2012.07.04 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
[2012.07.04 22:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 16:10:39 | 004,272,474 | ---- | M] () -- C:\Users\Ripchip\Desktop\osam_autorun_manager_5_0_portable.rar
[2012.08.01 16:05:23 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 16:05:23 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 16:05:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.01 16:05:13 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 22:27:02 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.07.31 16:32:52 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\Ripchip\Desktop\FSS.exe
[2012.07.31 16:32:27 | 008,854,904 | ---- | M] (SurfRight B.V.) -- C:\Users\Ripchip\Desktop\HitmanPro36_x64.exe
[2012.07.31 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.07.30 17:22:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.30 17:08:48 | 004,722,436 | R--- | M] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe
[2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe
[2012.07.26 21:22:56 | 090,096,896 | ---- | M] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe
[2012.07.25 22:53:35 | 000,001,356 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat
[2012.07.25 21:57:22 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.25 21:53:50 | 000,632,049 | ---- | M] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe
[2012.07.25 21:53:46 | 002,117,108 | ---- | M] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip
[2012.07.24 19:31:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2012.07.24 17:31:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 12:54:35 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012.07.24 12:48:20 | 000,001,971 | ---- | M] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk
[2012.07.22 22:15:45 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 22:14:30 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 22:14:30 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 22:14:30 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 22:14:30 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 22:14:30 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 14:36:08 | 000,005,632 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.08.01 16:10:17 | 004,272,474 | ---- | C] () -- C:\Users\Ripchip\Desktop\osam_autorun_manager_5_0_portable.rar
[2012.07.30 17:09:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.30 17:09:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.30 17:09:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.30 17:09:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.30 17:09:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.27 23:11:01 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.26 20:58:10 | 090,096,896 | ---- | C] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe
[2012.07.25 21:57:22 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.25 21:53:49 | 000,632,049 | ---- | C] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe
[2012.07.25 21:53:37 | 002,117,108 | ---- | C] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip
[2012.07.24 19:31:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2012.07.24 19:29:17 | 000,583,680 | ---- | C] (                                                            ) -- C:\Windows\SysNative\drivers\SPC640.sys
[2012.07.24 19:29:17 | 000,008,192 | ---- | C] (                                                            ) -- C:\Windows\SysNative\drivers\SPC640m.sys
[2012.07.24 17:31:11 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 12:54:35 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012.07.24 12:48:20 | 000,001,971 | ---- | C] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk
[2012.05.01 22:04:35 | 000,001,356 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat
[2012.04.24 18:08:37 | 001,537,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.22 19:18:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.03.20 17:39:42 | 000,005,632 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.19 17:17:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.03.19 17:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.03.19 17:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.03.19 17:16:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.03.18 23:53:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.18 23:53:15 | 000,035,881 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.03.18 23:40:53 | 000,000,732 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps64.dat
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012.07.31 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.minecraft
[2012.06.25 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.Nitrous
[2012.03.31 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoft
[2012.03.31 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.18 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\elsterformular
[2012.07.24 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software
[2012.03.20 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient
[2012.05.24 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient2
[2012.04.02 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\OpenOffice.org
[2012.03.20 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Origin
[2012.04.24 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Software4u
[2012.07.30 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Spotify
[2012.06.13 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TeamViewer
[2012.07.28 00:04:12 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TS3Client
[2012.07.31 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
[2012.07.31 22:27:02 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
[2012.07.31 22:30:03 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

I can't save a log from OSAM; when I click "Save Log", nothing at all happens.. :/

Regards

01.08.2012, 16:36   #15
Chris4You

TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm...

Hi,

can you copy the OSAM log out and paste it here?

The OTL log looks good... nothing left of the rootkit to be seen...

Uninstall Combofix:
Click Start (the Windows 7 Start button) and then type combofix /uninstall into the search box, as shown in the pictogram below this text with the blue arrow. Make sure there is a space between Combofix and /uninstall.
[Pictogram: Uninstall Combofix]

How is the computer behaving?

chris
__________________
Don't bring me down
Read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)
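The helper's verdict on the OTL log above comes from reading entries such as the SRV/DRV, O4 and Firefox prefs.js lines for a driver or service with no publisher, an autorun launched from the user profile, or a proxy that was set in the browser. As an added example that is not part of this thread or of the OTL tool, the Python script below parses those three line shapes and lists such review points; the sample lines are copied from the log above, and each flag is a prompt for the reviewer, not a verdict.

```python
"""OTL log triage (added example; not part of the thread or of the OTL tool).

Parses three line shapes found in the OTL log above and returns review points:
  * SRV/DRV entries whose company field is empty (unknown publisher)
  * O4 Run autoruns that launch from the user profile (AppData)
  * Firefox prefs.js proxy settings, with whether the proxy is actually active
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input, copied from the OTL log in this thread (the blank company field
# on the SPC640 line is a long run of spaces in the original, shortened here).
SAMPLE_LOG = r"""
SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] (      ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640)
FF - prefs.js..network.proxy.http: "213.197.182.78"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
"""

# SRV/DRV line: [timestamp | size | attrs | M] (Company) [flags] -- path -- (Name)
SRV_DRV = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - \[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+?) \| M\] \((?P<company>[^)]*)\) \[(?P<flags>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
# O4 Run autorun: O4 - HKxx..\Run: [label] path (Company)
O4_RUN = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<label>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# Firefox preference: FF - prefs.js..key: value
FF_PREF = re.compile(r"^FF - prefs\.js\.\.(?P<key>[\w.]+): (?P<value>.*)$")


@dataclass(frozen=True)
class Finding:
    category: str  # no-publisher | autorun-user-path | firefox-proxy
    subject: str   # service/driver name, autorun label, or proxy host:port
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Return review points found in OTL-style log text."""
    findings: List[Finding] = []
    proxy: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SRV_DRV.match(line)
        if m:
            # A whitespace-only company field is how OTL renders a missing publisher.
            if not m["company"].strip():
                findings.append(Finding(
                    "no-publisher", m["name"],
                    f"{m['kind']} {m['path']} has no company name"))
            continue
        m = O4_RUN.match(line)
        if m:
            # Autoruns from a user-writable profile path are worth a second look.
            if "\\appdata\\" in m["path"].lower():
                findings.append(Finding(
                    "autorun-user-path", m["label"],
                    f"{m['hive']} Run entry launches {m['path']}"))
            continue
        m = FF_PREF.match(line)
        if m and m["key"].startswith("network.proxy."):
            proxy[m["key"]] = m["value"].strip('"')
    host = proxy.get("network.proxy.http")
    if host:
        # network.proxy.type 0 means "no proxy": the host is stored but unused.
        active = proxy.get("network.proxy.type") != "0"
        port = proxy.get("network.proxy.http_port", "?")
        state = "active" if active else "not active (network.proxy.type = 0)"
        findings.append(Finding("firefox-proxy", f"{host}:{port}",
                                f"proxy host set; {state}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.subject}: {f.detail}")
```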

